Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/58349?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/58349?format=api", "purl": "pkg:conan/openexr@3.1.4", "type": "conan", "namespace": "", "name": "openexr", "version": "3.1.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42775?format=api", "vulnerability_id": "VCID-4ztd-m43n-7fas", "summary": "Divide By Zero\nIn ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3941", "reference_id": "CVE-2021-3941", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3941" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58349?format=api", "purl": "pkg:conan/openexr@3.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openexr@3.1.4" } ], "aliases": [ "CVE-2021-3941" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztd-m43n-7fas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7265?format=api", "vulnerability_id": "VCID-5h3s-6g7x-y7ev", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970987", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970987" }, { "reference_url": "https://security.archlinux.org/ASA-202107-14", "reference_id": "ASA-202107-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-14" }, { "reference_url": "https://security.archlinux.org/AVG-2071", "reference_id": "AVG-2071", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2071" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3598", "reference_id": "CVE-2021-3598", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58349?format=api", "purl": "pkg:conan/openexr@3.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openexr@3.1.4" } ], "aliases": [ "CVE-2021-3598" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5h3s-6g7x-y7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41943?format=api", "vulnerability_id": "VCID-9225-wpup-z3h6", "summary": "Out-of-bounds Write\nOpenEXR has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.", "references": [ { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416" }, { "reference_url": "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e" }, { "reference_url": "https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0" }, { "reference_url": "https://github.com/AcademySoftwareFoundation/openexr/pull/1209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/AcademySoftwareFoundation/openexr/pull/1209" }, { "reference_url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45942", "reference_id": "CVE-2021-45942", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45942" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58349?format=api", "purl": "pkg:conan/openexr@3.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openexr@3.1.4" } ], "aliases": [ "CVE-2021-45942" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9225-wpup-z3h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7276?format=api", "vulnerability_id": "VCID-sjx2-83vv-mqgu", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970991" }, { "reference_url": "https://security.archlinux.org/AVG-2107", "reference_id": "AVG-2107", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2107" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3605", "reference_id": "CVE-2021-3605", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3605" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58349?format=api", "purl": "pkg:conan/openexr@3.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openexr@3.1.4" } ], "aliases": [ "CVE-2021-3605" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sjx2-83vv-mqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42778?format=api", "vulnerability_id": "VCID-wqnd-x1rf-a7dv", "summary": "Integer Overflow or Wraparound\nAn integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019783" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3933", "reference_id": "CVE-2021-3933", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3933" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58349?format=api", "purl": "pkg:conan/openexr@3.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openexr@3.1.4" } ], "aliases": [ "CVE-2021-3933" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqnd-x1rf-a7dv" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openexr@3.1.4" }