Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dn6k-uzwy-8fbj

Summary The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.

Aliases

alias	CVE-2018-5147

Fixed_packages

url	pkg:alpm/archlinux/firefox@59.0.1-1
purl	pkg:alpm/archlinux/firefox@59.0.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@59.0.1-1

url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2

purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1~deb8u2

url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1

purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1%252Bdeb9u1

url	pkg:deb/debian/libvorbisidec@1.2.1%2Bgit20180316-3
purl	pkg:deb/debian/libvorbisidec@1.2.1%2Bgit20180316-3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.2.1%252Bgit20180316-3

Affected_packages

url pkg:alpm/archlinux/firefox@59.0-2

purl pkg:alpm/archlinux/firefox@59.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

vulnerability	VCID-yw14-7xmq-g3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@59.0-2

url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn14261-1

purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn14261-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

vulnerability	VCID-j8zw-dg26-hfbe

vulnerability	VCID-k4pn-yxd9-h3ad

vulnerability	VCID-nbbh-ws5y-3uh4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn14261-1

url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn16259-2

purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn16259-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

vulnerability	VCID-j8zw-dg26-hfbe

vulnerability	VCID-nbbh-ws5y-3uh4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn16259-2

url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2

purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-0.2

url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2

purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1~deb8u2

url pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1

purl pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dn6k-uzwy-8fbj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1%252Bdeb9u1

References

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147

reference_url

https://security.archlinux.org/AVG-659

reference_id

AVG-659

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-659

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-08

reference_id

mfsa2018-08

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-08

Weaknesses

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dn6k-uzwy-8fbj

Vulnerability Instance