Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qa3t-c5ua-mfdy

Summary

Multiple vulnerabilities have been found in libTIFF, the worst of
    which may allow execution of arbitrary code.

Aliases

alias	CVE-2016-5320

Fixed_packages

url pkg:alpm/archlinux/lib32-libtiff@4.0.7-1

purl pkg:alpm/archlinux/lib32-libtiff@4.0.7-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-nyjs-ay8u-13gx

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-libtiff@4.0.7-1

url	pkg:alpm/archlinux/libtiff@4.0.7-1
purl	pkg:alpm/archlinux/libtiff@4.0.7-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libtiff@4.0.7-1

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86_64&distroversion=v3.2&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86_64&distroversion=v3.2&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=x86_64&distroversion=v3.2&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86&distroversion=v3.4&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86&distroversion=v3.4&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=x86&distroversion=v3.4&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86_64&distroversion=v3.4&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86_64&distroversion=v3.4&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=x86_64&distroversion=v3.4&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=armhf&distroversion=v3.3&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=armhf&distroversion=v3.3&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=armhf&distroversion=v3.3&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=armhf&distroversion=v3.2&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=armhf&distroversion=v3.2&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=armhf&distroversion=v3.2&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86&distroversion=v3.2&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86&distroversion=v3.2&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=x86&distroversion=v3.2&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=armhf&distroversion=v3.4&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=armhf&distroversion=v3.4&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=armhf&distroversion=v3.4&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86&distroversion=v3.3&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86&distroversion=v3.3&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=x86&distroversion=v3.3&reponame=main

url	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86_64&distroversion=v3.3&reponame=main
purl	pkg:apk/alpine/tiff@4.0.7-r0?arch=x86_64&distroversion=v3.3&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.0.7-r0%3Farch=x86_64&distroversion=v3.3&reponame=main

url	pkg:ebuild/media-libs/tiff@4.0.7
purl	pkg:ebuild/media-libs/tiff@4.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.7

Affected_packages

url pkg:alpm/archlinux/lib32-libtiff@4.0.6-2

purl pkg:alpm/archlinux/lib32-libtiff@4.0.6-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2a5b-7k5n-73fx

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-czyn-snja-skba

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-hfrr-s8ge-z7hx

vulnerability	VCID-jr5v-vzng-nbcb

vulnerability	VCID-k8zk-je18-wbb8

vulnerability	VCID-m7mp-g37h-p3g9

vulnerability	VCID-mqad-tkgf-r3ag

vulnerability	VCID-mwb4-9fjj-qyfs

vulnerability	VCID-n5xz-y6bx-myfr

vulnerability	VCID-p9pe-czsr-9uhu

vulnerability	VCID-pczq-1huj-p7hf

vulnerability	VCID-pf5w-eted-9kc9

vulnerability	VCID-qa3t-c5ua-mfdy

vulnerability	VCID-rqmj-ns2c-jbh4

vulnerability	VCID-s2xb-r3c7-7fc4

vulnerability	VCID-s4k8-v3sj-23fw

vulnerability	VCID-s7s4-ux2t-3yc5

vulnerability	VCID-spqg-q1z6-pyex

vulnerability	VCID-u1mj-pxtw-7qet

vulnerability	VCID-vn6c-kuq7-k3hv

vulnerability	VCID-wes8-vrs4-gygk

vulnerability	VCID-wpd2-zcyv-s7g8

vulnerability	VCID-x91e-13q2-yked

vulnerability	VCID-xg5z-jss1-3ycp

vulnerability	VCID-xg6v-katm-67et

vulnerability	VCID-xx3b-d12j-8qc4

vulnerability	VCID-ytpu-tcxj-guex

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-libtiff@4.0.6-2

url pkg:alpm/archlinux/libtiff@4.0.6-2

purl pkg:alpm/archlinux/libtiff@4.0.6-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2a5b-7k5n-73fx

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-czyn-snja-skba

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-hfrr-s8ge-z7hx

vulnerability	VCID-jr5v-vzng-nbcb

vulnerability	VCID-k8zk-je18-wbb8

vulnerability	VCID-m7mp-g37h-p3g9

vulnerability	VCID-mqad-tkgf-r3ag

vulnerability	VCID-mwb4-9fjj-qyfs

vulnerability	VCID-n5xz-y6bx-myfr

vulnerability	VCID-p9pe-czsr-9uhu

vulnerability	VCID-pczq-1huj-p7hf

vulnerability	VCID-pf5w-eted-9kc9

vulnerability	VCID-qa3t-c5ua-mfdy

vulnerability	VCID-rqmj-ns2c-jbh4

vulnerability	VCID-s2xb-r3c7-7fc4

vulnerability	VCID-s4k8-v3sj-23fw

vulnerability	VCID-s7s4-ux2t-3yc5

vulnerability	VCID-spqg-q1z6-pyex

vulnerability	VCID-u1mj-pxtw-7qet

vulnerability	VCID-vn6c-kuq7-k3hv

vulnerability	VCID-wes8-vrs4-gygk

vulnerability	VCID-wpd2-zcyv-s7g8

vulnerability	VCID-x91e-13q2-yked

vulnerability	VCID-xg5z-jss1-3ycp

vulnerability	VCID-xg6v-katm-67et

vulnerability	VCID-xx3b-d12j-8qc4

vulnerability	VCID-ytpu-tcxj-guex

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libtiff@4.0.6-2

url pkg:rpm/redhat/libtiff@3.9.4-18?arch=el6_8

purl pkg:rpm/redhat/libtiff@3.9.4-18?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ecn-xrs5-hubq

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-gsfh-epay-ckgk

vulnerability	VCID-mb38-6e5v-fbah

vulnerability	VCID-mqad-tkgf-r3ag

vulnerability	VCID-n614-w2nh-rqbe

vulnerability	VCID-nyjs-ay8u-13gx

vulnerability	VCID-pczq-1huj-p7hf

vulnerability	VCID-pf5w-eted-9kc9

vulnerability	VCID-qa3t-c5ua-mfdy

vulnerability	VCID-s7s4-ux2t-3yc5

vulnerability	VCID-u1mj-pxtw-7qet

vulnerability	VCID-vn6c-kuq7-k3hv

vulnerability	VCID-vv32-13t8-1fht

vulnerability	VCID-z17v-aeta-1qb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtiff@3.9.4-18%3Farch=el6_8

url pkg:rpm/redhat/libtiff@4.0.3-25?arch=el7_2

purl pkg:rpm/redhat/libtiff@4.0.3-25?arch=el7_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ecn-xrs5-hubq

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-gsfh-epay-ckgk

vulnerability	VCID-mb38-6e5v-fbah

vulnerability	VCID-mqad-tkgf-r3ag

vulnerability	VCID-n614-w2nh-rqbe

vulnerability	VCID-nyjs-ay8u-13gx

vulnerability	VCID-pczq-1huj-p7hf

vulnerability	VCID-pf5w-eted-9kc9

vulnerability	VCID-qa3t-c5ua-mfdy

vulnerability	VCID-s7s4-ux2t-3yc5

vulnerability	VCID-u1mj-pxtw-7qet

vulnerability	VCID-vn6c-kuq7-k3hv

vulnerability	VCID-vv32-13t8-1fht

vulnerability	VCID-z17v-aeta-1qb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtiff@4.0.3-25%3Farch=el7_2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5320.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5320.json

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1346687
reference_id	1346687
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1346687

reference_url	https://security.archlinux.org/ASA-201611-26
reference_id	ASA-201611-26
reference_type
scores
url	https://security.archlinux.org/ASA-201611-26

reference_url	https://security.archlinux.org/ASA-201611-27
reference_id	ASA-201611-27
reference_type
scores
url	https://security.archlinux.org/ASA-201611-27

reference_url

https://security.archlinux.org/AVG-85

reference_id

AVG-85

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-85

reference_url

https://security.archlinux.org/AVG-86

reference_id

AVG-86

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-86

reference_url	https://security.gentoo.org/glsa/201701-16
reference_id	GLSA-201701-16
reference_type
scores
url	https://security.gentoo.org/glsa/201701-16

reference_url	https://access.redhat.com/errata/RHSA-2016:1546
reference_id	RHSA-2016:1546
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1546

reference_url	https://access.redhat.com/errata/RHSA-2016:1547
reference_id	RHSA-2016:1547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1547

reference_url	https://usn.ubuntu.com/3212-1/
reference_id	USN-3212-1
reference_type
scores
url	https://usn.ubuntu.com/3212-1/

Weaknesses

cwe_id	787
name	Out-of-bounds Write
description	The product writes data past the end, or before the beginning, of the intended buffer.

Exploits

Severity_range_score 5.8 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qa3t-c5ua-mfdy

Vulnerability Instance