Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-v1gt-2387-67dw
Summary
Security researcher Dan Kaminsky reported an
integer overflow in the Theora video library.  A video's dimensions
were being multiplied together and used in particular memory
allocations.  When the video dimensions were sufficiently large, the
multiplication could overflow a 32-bit integer resulting in too small
a memory buffer being allocated for the video.  An attacker could use
a specially crafted video to write data past the bounds of this
buffer, causing a crash and potentially running arbitrary code on a
victim's computer. Mozilla intern David Keeler also independently
reported this issue as well as an additional crash which was
determined to be a denial-of-service. Video capabilities were added to
the Mozilla browser engine in Firefox 3.5, SeaMonkey 2.0, and
Thunderbird 3.0; prior releases of these products were not affected.
These bugs were fixed upstream in Theora version 1.1 ("Thusnelda") but
the older version used in Firefox 3.5 needed this patch.
Aliases
0
alias CVE-2009-3389
Fixed_packages
0
url pkg:deb/debian/libtheora@1.1.1%2Bdfsg.1-3
purl pkg:deb/debian/libtheora@1.1.1%2Bdfsg.1-3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtheora@1.1.1%252Bdfsg.1-3
1
url pkg:mozilla/Firefox@3.5.6
purl pkg:mozilla/Firefox@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6
2
url pkg:mozilla/SeaMonkey@2.0.1
purl pkg:mozilla/SeaMonkey@2.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1
3
url pkg:mozilla/Thunderbird@3.0.1
purl pkg:mozilla/Thunderbird@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.1
Affected_packages
0
url pkg:deb/debian/libtheora@0.0.0.alpha4-1.1
purl pkg:deb/debian/libtheora@0.0.0.alpha4-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v1gt-2387-67dw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtheora@0.0.0.alpha4-1.1
1
url pkg:deb/debian/libtheora@0.0.0.alpha7.dfsg-1.1
purl pkg:deb/debian/libtheora@0.0.0.alpha7.dfsg-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v1gt-2387-67dw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtheora@0.0.0.alpha7.dfsg-1.1
2
url pkg:deb/debian/libtheora@1.0~beta3-1%2Blenny1
purl pkg:deb/debian/libtheora@1.0~beta3-1%2Blenny1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v1gt-2387-67dw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtheora@1.0~beta3-1%252Blenny1
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389
reference_id CVE-2009-3389
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-67
reference_id mfsa2009-67
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-67
Weaknesses
Exploits
Severity_range_score 9.0 - 10.0
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1gt-2387-67dw