Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn14261-1
Type deb
Namespace debian
Name libvorbisidec
Version 1.0.2+svn14261-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.2.1+git20180316-3
Latest_non_vulnerable_version 1.2.1+git20180316-3
Affected_by_vulnerabilities
0
url VCID-dn6k-uzwy-8fbj
vulnerability_id VCID-dn6k-uzwy-8fbj
summary The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147
1
reference_url https://security.archlinux.org/AVG-659
reference_id AVG-659
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-659
2
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2018-08
reference_id mfsa2018-08
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2018-08
fixed_packages
0
url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2
purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dn6k-uzwy-8fbj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1~deb8u2
1
url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1
purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dn6k-uzwy-8fbj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1%252Bdeb9u1
2
url pkg:deb/debian/libvorbisidec@1.2.1%2Bgit20180316-3
purl pkg:deb/debian/libvorbisidec@1.2.1%2Bgit20180316-3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.2.1%252Bgit20180316-3
aliases CVE-2018-5147
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dn6k-uzwy-8fbj
1
url VCID-j8zw-dg26-hfbe
vulnerability_id VCID-j8zw-dg26-hfbe
summary
Mozilla upgraded several third party libraries used in media
rendering to address multiple memory safety and stability bugs
identified by members of the Mozilla community.  Some of the bugs
discovered could potentially be used by an attacker to crash a
victim's browser and execute arbitrary code on their
computer.  liboggz, libvorbis,
and liboggplay were all upgraded to address these
issues. Audio and video capabilities were added in Firefox 3.5
so prior releases of Firefox were not affected.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379
reference_id CVE-2009-3379
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-63
reference_id mfsa2009-63
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-63
fixed_packages
0
url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2
purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dn6k-uzwy-8fbj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-0.2
aliases CVE-2009-3379
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zw-dg26-hfbe
2
url VCID-k4pn-yxd9-h3ad
vulnerability_id VCID-k4pn-yxd9-h3ad
summary
Mozilla upgraded several third party libraries used in media
rendering to address multiple memory safety and stability bugs
identified by members of the Mozilla community.  Some of the bugs
discovered could potentially be used by an attacker to crash a
victim's browser and execute arbitrary code on their
computer.  liboggz, libvorbis,
and liboggplay were all upgraded to address these
issues. Audio and video capabilities were added in Firefox 3.5
so prior releases of Firefox were not affected.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663
reference_id CVE-2009-2663
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-45
reference_id mfsa2009-45
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-45
2
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-63
reference_id mfsa2009-63
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-63
fixed_packages
0
url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn16259-2
purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn16259-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dn6k-uzwy-8fbj
1
vulnerability VCID-j8zw-dg26-hfbe
2
vulnerability VCID-nbbh-ws5y-3uh4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn16259-2
aliases CVE-2009-2663
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4pn-yxd9-h3ad
3
url VCID-nbbh-ws5y-3uh4
vulnerability_id VCID-nbbh-ws5y-3uh4
summary
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative the possibility of memory corruption during
the decoding of Ogg Vorbis files. This can cause a crash during decoding and has
the potential for remote code execution.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
reference_id CVE-2012-0444
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2012-07
reference_id mfsa2012-07
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2012-07
fixed_packages
0
url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2
purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dn6k-uzwy-8fbj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-0.2
aliases CVE-2012-0444
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn14261-1