Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/gdcm@2.4.4-3%2Bdeb8u1

Type deb

Namespace debian

Name gdcm

Version 2.4.4-3+deb8u1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6.6-3

Latest_non_vulnerable_version 3.0.24-9

Affected_by_vulnerabilities

url VCID-f2hr-w48s-k3ha

vulnerability_id VCID-f2hr-w48s-k3ha

summary Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.

references

reference_url	http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
reference_id
reference_type
scores
url	http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/

reference_url	http://packetstormsecurity.com/files/135205/GDCM-2.6.0-2.6.1-Integer-Overflow.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/135205/GDCM-2.6.0-2.6.1-Integer-Overflow.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8396

reference_id

reference_type

scores

value	0.18738
scoring_system	epss
scoring_elements	0.95301
published_at	2026-04-21T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.9597
published_at	2026-04-08T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95988
published_at	2026-04-16T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95994
published_at	2026-04-18T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95949
published_at	2026-04-02T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95956
published_at	2026-04-04T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95961
published_at	2026-04-07T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95941
published_at	2026-04-01T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95972
published_at	2026-04-09T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95976
published_at	2026-04-12T12:55:00Z

value	0.23518
scoring_system	epss
scoring_elements	0.95979
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8396

reference_url	http://seclists.org/fulldisclosure/2016/Jan/29
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2016/Jan/29

reference_url	http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
reference_id
reference_type
scores
url	http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/

reference_url	http://sourceforge.net/p/gdcm/mailman/message/34670701/
reference_id
reference_type
scores
url	http://sourceforge.net/p/gdcm/mailman/message/34670701/

reference_url	http://sourceforge.net/p/gdcm/mailman/message/34687533/
reference_id
reference_type
scores
url	http://sourceforge.net/p/gdcm/mailman/message/34687533/

reference_url	https://www.exploit-db.com/exploits/39229/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/39229/

reference_url	http://www.securityfocus.com/archive/1/537264/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/537264/100/0/threaded

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:malaterre:grassroots_dicom::::::::
reference_id	cpe:2.3:a:malaterre:grassroots_dicom::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:malaterre:grassroots_dicom::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:malaterre:grassroots_dicom:2.6.1:::::::*
reference_id	cpe:2.3:a:malaterre:grassroots_dicom:2.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:malaterre:grassroots_dicom:2.6.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8396

reference_id

CVE-2015-8396

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	10.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8396

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39229.cpp
reference_id	CVE-2015-8396;OSVDB-131597
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39229.cpp

fixed_packages

url	pkg:deb/debian/gdcm@2.6.6-3
purl	pkg:deb/debian/gdcm@2.6.6-3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@2.6.6-3

aliases CVE-2015-8396

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2hr-w48s-k3ha

url VCID-fz53-7wyn-qubv

vulnerability_id VCID-fz53-7wyn-qubv

summary The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.

references

reference_url	http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
reference_id
reference_type
scores
url	http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/

reference_url	http://packetstormsecurity.com/files/135206/GDCM-2.6.0-2.6.1-Out-Of-Bounds-Read.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/135206/GDCM-2.6.0-2.6.1-Out-Of-Bounds-Read.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8397

reference_id

reference_type

scores

value	0.02058
scoring_system	epss
scoring_elements	0.83926
published_at	2026-04-21T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.83893
published_at	2026-04-13T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.83826
published_at	2026-04-01T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.8384
published_at	2026-04-02T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.83855
published_at	2026-04-04T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.83857
published_at	2026-04-07T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.8388
published_at	2026-04-08T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.83887
published_at	2026-04-09T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.83903
published_at	2026-04-11T12:55:00Z

value	0.02058
scoring_system	epss
scoring_elements	0.83897
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8397

reference_url	http://seclists.org/fulldisclosure/2016/Jan/33
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2016/Jan/33

reference_url	http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
reference_id
reference_type
scores
url	http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/

reference_url	http://sourceforge.net/p/gdcm/mailman/message/34670701/
reference_id
reference_type
scores
url	http://sourceforge.net/p/gdcm/mailman/message/34670701/

reference_url	http://sourceforge.net/p/gdcm/mailman/message/34687533/
reference_id
reference_type
scores
url	http://sourceforge.net/p/gdcm/mailman/message/34687533/

reference_url	http://www.securityfocus.com/archive/1/537263/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/537263/100/0/threaded

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:malaterre:grassroots_dicom::::::::
reference_id	cpe:2.3:a:malaterre:grassroots_dicom::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:malaterre:grassroots_dicom::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8397

reference_id

CVE-2015-8397

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8397

fixed_packages

url	pkg:deb/debian/gdcm@2.6.6-3
purl	pkg:deb/debian/gdcm@2.6.6-3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@2.6.6-3

aliases CVE-2015-8397

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fz53-7wyn-qubv

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@2.4.4-3%252Bdeb8u1

Package Instance