Nvidia Sample CV Event Detector Microservice for detecting events for VSS Event Reviewer workflow.
The CV event detector is a sample microservice used to detect events in a video or live RTSP stream and pass them to Video Search and Summarization (VSS) to review them using a Video Large Language Model (VLM).
This microservice is configured using CV UI. After configuration the CV microservice connects to video file or live RTSP Stream and performs inference using DeepStream pipeline consisting of detector and tracker along with caching plugin which creates clips for VSS Event Review.
VSS User Guide
User Guide is available at: https://docs.nvidia.com/vss/index.html
Known CVEs
The CV Event Detector Container has the following known CVEs:
| CVE | Description |
|---|---|
| CVE-2025-4565 | This impacts protobuf < 4.25.8 python package, This impacts parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags leading to unbounded recursions and potential Denial-of-Service when protobuf pure-Python backend is used. This does not affect VSS since python backend of protobuf is not used. |
| CVE-2025-3887 | This impacts GStreamer H.265 codec parser, Malicious malformed streams can cause stack overflow in H.265 codec parser causing the application to crash. Users must take care that malicious H.265 streams are not added to VSS. This can be remedied by building and installing the GStreamer1.24.2 codec parser library after applying the patch mentioned in https://gstreamer.freedesktop.org/security/sa-2025-0001.html. |
| CVE-2025-48379 | This impacts pillow < 11.3.0 There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This can be remedied by upgrading to pillow 11.3.0. Note this package is not being used inside the Microservice directly but is installed as a dependency |
NOTE: This project will download and install additional third-party open source software projects. Review the license terms of these open source projects before use.
Deployment Note
The NV CV event detector container and Video Search and Summarization Blueprint is shared as reference and is provided "as is". The security in the production environment is the responsibility of the end users deploying it. When deploying in a production environment, please have security experts review any potential risks and threats; define the trust boundaries, implement logging and monitoring capabilities, secure the communication channels, integrate AuthN & AuthZ with appropriate access controls, keep the deployment up to date, ensure the containers/source code are secure and free of known vulnerabilities. The end users are also responsible for ensuring integrity and authenticity of the models and containers.
GOVERNING TERMS
The software and materials are governed by the NVIDIA Software License Agreement and the Product-Specific Terms for NVIDIA AI Products, except for models which are governed by the NVIDIA Community Model License.