Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • CAPA Plan - BSI CE Mark Closeout
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
      • R-TF-012-019 SOUPs
        • Aioboto3
        • Albumentations
        • Argon2-CFFI
        • Authlib
        • Boto3
        • Dependency Injector
        • Dill
        • FastAPI
        • PyTorch Grad-CAM
        • Httpx
        • NumPy
        • PyNVML
        • OpenCV
        • Pillow
        • Psutil
        • Pydantic
        • Pydantic Settings
        • PyYAML
        • Segmentation Models PyTorch
        • Starlette
        • Timm
        • PyTorch
        • TorchVision
        • Ultralytics YOLO
        • Uvicorn
      • R-TF-012-028 Software Requirement Specification
      • R-TF-012-029 Software Architecture Description
      • R-TF-012-030 Software Configuration Management Plan
      • R-TF-012-031 Product requirements specification
      • R-TF-012-037 Labeling and IFU Requirements
      • R-TF-012-040 Documentation level FDA
      • R-TF-012-041 Software Classification 62304
      • R-TF-012-043 Traceability Matrix
      • Review meetings
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design and Manufacturing Information
  • R-TF-012-019 SOUPs
  • OpenCV

OpenCV

General Information​

FieldValue
Package Nameopencv-contrib-python-headless
Manufacturer / VendorOpenCV Team (open-source community)
Software CategoryLibrary
Primary DocumentationDocumentation, GitHub, PyPI
Programming Language(s)Python, C++
LicenseMIT License (packaging), Apache 2.0 (OpenCV library)
Deployed Version(s)>=4.12.0.88
Most Recent Available Version4.13.0.90
Last Review Date2026-01-26

Overview​

OpenCV (Open Source Computer Vision Library) is an open-source computer vision and machine learning software library containing over 2,500 optimized algorithms for real-time image and video analysis. The opencv-contrib-python-headless package provides pre-built Python bindings for OpenCV including extra contributed modules, optimized for server environments without GUI dependencies.

Within the medical device software, OpenCV serves as a critical image processing infrastructure component used across multiple architectural layers. It is integrated into:

  • Preprocessing pipelines: Image resizing, padding, and format normalization before neural network inference in all AI expert services (clinical condition classification, skin segmentation, image quality assessment)
  • Test-time augmentation (TTA): Geometric transformations (rotation, flipping) and contrast enhancement (CLAHE) for robust prediction ensemble strategies in the condition classifier
  • Color space management: RGB/BGR channel order conversion for interoperability with different libraries, and YCrCb conversion for luminance-based processing
  • Visualization rendering: Contour extraction from segmentation masks, bounding box drawing for detection results, and alpha-blended overlay generation for explainability visualizations
  • Object detection infrastructure: Input preparation for YOLO-based detection models

The headless variant was selected specifically for deployment in server/containerized environments (Docker, cloud infrastructure) where no display capabilities are required, reducing the dependency footprint by excluding GUI libraries (Qt, GTK). The library was chosen for its industry-standard status in computer vision, comprehensive algorithm coverage, excellent performance characteristics, native NumPy interoperability, and permissive licensing compatible with commercial medical device software.

Functional Requirements​

The following functional capabilities of this SOUP are relied upon by the medical device software.

Requirement IDDescriptionSource / Reference
FR-001Resize images using various interpolation methods (area, linear, cubic)cv2.resize() with cv2.INTER_AREA, INTER_LINEAR, INTER_CUBIC
FR-002Convert images between color spaces (RGB/BGR, RGB/YCrCb)cv2.cvtColor() with color conversion codes
FR-003Apply Contrast Limited Adaptive Histogram Equalization (CLAHE) to imagescv2.createCLAHE() and clahe.apply()
FR-004Rotate images by 90, 180, or 270 degreescv2.rotate() with rotation codes
FR-005Flip images horizontally, vertically, or bothcv2.flip() with flip codes
FR-006Detect and extract contours from binary segmentation maskscv2.findContours() with retrieval/approximation modes
FR-007Draw contours on images for visualizationcv2.drawContours()
FR-008Draw polylines for bounding box visualizationcv2.polylines()
FR-009Blend images using weighted addition for overlay visualizationcv2.addWeighted()
FR-010Provide border padding mode constants for image augmentation pipelinescv2.BORDER_CONSTANT

Performance Requirements​

The following performance expectations are relevant to the medical device software.

Requirement IDDescriptionAcceptance Criteria
PR-001Image preprocessing operations shall complete within acceptable inference latencyOperations complete within the overall API timeout
PR-002Memory usage shall scale predictably with image dimensionsNo memory leaks during repeated preprocessing operations
PR-003Interpolation quality shall preserve diagnostic features during resizingVisual inspection confirms no artifacts in clinical areas

Hardware Requirements​

The following hardware dependencies or constraints are imposed by this SOUP component.

Requirement IDDescriptionNotes / Limitations
HR-001x86-64 or ARM64 processor architecturePre-built wheels available for common platforms
HR-002Sufficient system memory for image pixel dataMemory requirements scale with image resolution and color depth

Software Requirements​

The following software dependencies and environmental assumptions are required by this SOUP component.

Requirement IDDescriptionDependency / Version Constraints
SR-001Python runtime environmentPython >=3.7, <3.14
SR-002NumPy for array interoperabilityNumPy 2.x for Python 3.9+
SR-003No GUI libraries required (headless variant)Qt/GTK not bundled or required

Known Anomalies Assessment​

This section evaluates publicly reported issues, defects, or security vulnerabilities associated with this SOUP component and their relevance to the medical device software.

Anomaly ReferenceStatusApplicableRationaleReviewed At
CVE-2025-53644 (heap buffer write)FixedNoAffects JPEG image parsing in versions 4.10.0-4.11.0; the device deploys >=4.12.0.88 which includes the fix2026-01-26
VDB-228548 (wechat_qrcode memory leak)FixedNoAffects wechat_qrcode module not used by the device; patch applied in OpenCV 4.8.0+2026-01-26

OpenCV maintains a responsible security posture with prompt patching of reported vulnerabilities. According to Snyk's vulnerability database, historical vulnerabilities have been addressed in subsequent releases. The CVE Details tracker reports minimal security issues for recent versions.

The device's usage pattern minimizes attack surface exposure:

  • Controlled input sources: All image data is received through authenticated API endpoints; no arbitrary file path parsing or user-controlled file format selection
  • No affected modules: The device does not use the wechat_qrcode module or other contributed modules with reported vulnerabilities
  • Standard operations only: The device uses well-tested core functions (resize, cvtColor, findContours) that have been stable for many OpenCV releases
  • No untrusted JPEG parsing: Image decoding is handled primarily by Pillow; OpenCV is used for geometric and color transformations on already-decoded NumPy arrays
  • Version management: The minimum version constraint (>=4.12.0.88) ensures the CVE-2025-53644 fix is included in all deployments

Risk Control Measures​

The following risk control measures are implemented to mitigate potential security and operational risks associated with this SOUP component:

  • Input validation at API boundaries ensures all image data is validated before processing
  • Pillow is used for primary image decoding; OpenCV is used for transformations on already-decoded NumPy arrays
  • OpenCV usage is limited to transformation and visualization operations on validated data
  • Version constraints (>=4.12.0.88) ensure all known security fixes are included
  • No use of affected contributed modules (wechat_qrcode, etc.)

Assessment Methodology​

The following methodology was used to identify and assess known anomalies:

  • Sources consulted: National Vulnerability Database (NVD), CVE Details for OpenCV, Snyk vulnerability database, OpenCVE tracker, Debian Security Tracker, and the OpenCV GitHub repository issue tracker
  • Criteria for determining applicability: Vulnerabilities were assessed based on whether the affected functionality (specific modules, file format parsers) is used by the device, whether the input vectors are reachable through the device's API, and whether the deployed version includes applicable fixes

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
PyNVML
Next
Pillow
  • General Information
  • Overview
  • Functional Requirements
  • Performance Requirements
  • Hardware Requirements
  • Software Requirements
  • Known Anomalies Assessment
    • Risk Control Measures
    • Assessment Methodology
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)