Hi maintainers,
I’ve detected that the PyPI packageopencv-python-4.11.0.86 includes a binary dependency (opencv_python.libs/libgfortran-91cc3cb1.so.3.0.0), which is vulnerable toCVE-2014-5044.

CVE Details:

• Description: Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
• Affected versions:libgfortran < 4.8
• More info:
  • https://nvd.nist.gov/vuln/detail/CVE-2014-5044
  • http://www.openwall.com/lists/oss-security/2014/07/24/1

Recommended Action:

Please consider upgradelibgfortran to 4.8 or later to mitigate the vulnerability. This will help downstream users avoid potential security issues caused by the bundled vulnerable binary.

Thanks!