Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yw14-7xmq-g3e6

Summary An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

Aliases

alias	CVE-2018-5146

Fixed_packages

url	pkg:alpm/archlinux/firefox@59.0.1-1
purl	pkg:alpm/archlinux/firefox@59.0.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@59.0.1-1

url	pkg:alpm/archlinux/lib32-libvorbis@1.3.6-1
purl	pkg:alpm/archlinux/lib32-libvorbis@1.3.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-libvorbis@1.3.6-1

url	pkg:alpm/archlinux/libvorbis@1.3.6-1
purl	pkg:alpm/archlinux/libvorbis@1.3.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libvorbis@1.3.6-1

url	pkg:alpm/archlinux/thunderbird@52.7.0-1
purl	pkg:alpm/archlinux/thunderbird@52.7.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@52.7.0-1

url pkg:deb/debian/libvorbis@1.3.4-2%2Bdeb8u1

purl pkg:deb/debian/libvorbis@1.3.4-2%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.4-2%252Bdeb8u1

url pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2

purl pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2

url	pkg:deb/debian/libvorbis@1.3.6-2
purl	pkg:deb/debian/libvorbis@1.3.6-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2

url	pkg:mozilla/Firefox@59.0.1
purl	pkg:mozilla/Firefox@59.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@59.0.1

url	pkg:mozilla/Firefox%20ESR@52.7.2
purl	pkg:mozilla/Firefox%20ESR@52.7.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@52.7.2

Affected_packages

url pkg:alpm/archlinux/firefox@59.0-2

purl pkg:alpm/archlinux/firefox@59.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@59.0-2

url pkg:alpm/archlinux/lib32-libvorbis@1.3.5-1

purl pkg:alpm/archlinux/lib32-libvorbis@1.3.5-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-libvorbis@1.3.5-1

url pkg:alpm/archlinux/libvorbis@1.3.5-1

purl pkg:alpm/archlinux/libvorbis@1.3.5-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libvorbis@1.3.5-1

url pkg:alpm/archlinux/thunderbird@52.6.0-2

purl pkg:alpm/archlinux/thunderbird@52.6.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vcg-jqmc-hbgv

vulnerability	VCID-hv3z-93zn-ebhp

vulnerability	VCID-j2t7-a23g-zqf8

vulnerability	VCID-mgns-xhb9-cuc3

vulnerability	VCID-yw14-7xmq-g3e6

vulnerability	VCID-zuwx-k59j-zqap

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@52.6.0-2

url pkg:deb/debian/libvorbis@1.0rc3-1

purl pkg:deb/debian/libvorbis@1.0rc3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-j8zw-dg26-hfbe

vulnerability	VCID-k4pn-yxd9-h3ad

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-nbbh-ws5y-3uh4

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.0rc3-1

url pkg:deb/debian/libvorbis@1.1.0-2

purl pkg:deb/debian/libvorbis@1.1.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-j8zw-dg26-hfbe

vulnerability	VCID-k4pn-yxd9-h3ad

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-nbbh-ws5y-3uh4

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.1.0-2

url pkg:deb/debian/libvorbis@1.1.2.dfsg-1.2

purl pkg:deb/debian/libvorbis@1.1.2.dfsg-1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-j8zw-dg26-hfbe

vulnerability	VCID-k4pn-yxd9-h3ad

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-nbbh-ws5y-3uh4

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.1.2.dfsg-1.2

url pkg:deb/debian/libvorbis@1.1.2.dfsg-1.4%2Betch1

purl pkg:deb/debian/libvorbis@1.1.2.dfsg-1.4%2Betch1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-j8zw-dg26-hfbe

vulnerability	VCID-k4pn-yxd9-h3ad

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-nbbh-ws5y-3uh4

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.1.2.dfsg-1.4%252Betch1

url pkg:deb/debian/libvorbis@1.2.0.dfsg-3.1%2Blenny1

purl pkg:deb/debian/libvorbis@1.2.0.dfsg-3.1%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-j8zw-dg26-hfbe

vulnerability	VCID-k4pn-yxd9-h3ad

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-nbbh-ws5y-3uh4

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.2.0.dfsg-3.1%252Blenny1

url pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1

purl pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-nbbh-ws5y-3uh4

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.1-1%252Bsqueeze1

url pkg:deb/debian/libvorbis@1.3.2-1.3

purl pkg:deb/debian/libvorbis@1.3.2-1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.2-1.3

url pkg:deb/debian/libvorbis@1.3.4-2

purl pkg:deb/debian/libvorbis@1.3.4-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.4-2

url pkg:deb/debian/libvorbis@1.3.4-2%2Bdeb8u1

purl pkg:deb/debian/libvorbis@1.3.4-2%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.4-2%252Bdeb8u1

url pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2

purl pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ntd-28nj-cuex

vulnerability	VCID-6dfq-gbf6-7fc7

vulnerability	VCID-kad4-b6ez-y3dx

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2

References

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

reference_url	https://security.archlinux.org/ASA-201803-12
reference_id	ASA-201803-12
reference_type
scores
url	https://security.archlinux.org/ASA-201803-12

reference_url	https://security.archlinux.org/ASA-201803-13
reference_id	ASA-201803-13
reference_type
scores
url	https://security.archlinux.org/ASA-201803-13

reference_url	https://security.archlinux.org/ASA-201803-21
reference_id	ASA-201803-21
reference_type
scores
url	https://security.archlinux.org/ASA-201803-21

reference_url	https://security.archlinux.org/ASA-201803-22
reference_id	ASA-201803-22
reference_type
scores
url	https://security.archlinux.org/ASA-201803-22

reference_url

https://security.archlinux.org/AVG-367

reference_id

AVG-367

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-367

reference_url

https://security.archlinux.org/AVG-657

reference_id

AVG-657

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-657

reference_url

https://security.archlinux.org/AVG-658

reference_id

AVG-658

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-658

reference_url

https://security.archlinux.org/AVG-663

reference_id

AVG-663

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-663

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-08

reference_id

mfsa2018-08

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-08

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

reference_id

mfsa2018-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09

Weaknesses

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yw14-7xmq-g3e6

Vulnerability Instance