Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-et32-whyj-dyev

Summary Security researcher Joshua Drake reported potential integer overflows in the libstagefright library while processing video sample metadata in MPEG4 video files. This can lead to a potentially exploitable crash.

Aliases

alias	CVE-2015-4496

Fixed_packages

url	pkg:mozilla/Firefox@38.0.0
purl	pkg:mozilla/Firefox@38.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@38.0.0

url	pkg:mozilla/SeaMonkey@2.35.0
purl	pkg:mozilla/SeaMonkey@2.35.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.35.0

Affected_packages

url pkg:rpm/redhat/firefox@38.0-3?arch=el7_1

purl pkg:rpm/redhat/firefox@38.0-3?arch=el7_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-55t4-7jnq-j7fx

vulnerability	VCID-et32-whyj-dyev

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@38.0-3%3Farch=el7_1

url pkg:rpm/redhat/firefox@38.0-4?arch=el6_6

purl pkg:rpm/redhat/firefox@38.0-4?arch=el6_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51hn-ab8w-c7bn

vulnerability	VCID-55t4-7jnq-j7fx

vulnerability	VCID-et32-whyj-dyev

vulnerability	VCID-ghtc-dh9g-2ufb

vulnerability	VCID-pcxu-acuh-m3be

vulnerability	VCID-xx39-5rg1-b3am

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@38.0-4%3Farch=el6_6

url pkg:rpm/redhat/firefox@38.0-4?arch=el5_11

purl pkg:rpm/redhat/firefox@38.0-4?arch=el5_11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51hn-ab8w-c7bn

vulnerability	VCID-55t4-7jnq-j7fx

vulnerability	VCID-et32-whyj-dyev

vulnerability	VCID-ghtc-dh9g-2ufb

vulnerability	VCID-pcxu-acuh-m3be

vulnerability	VCID-xx39-5rg1-b3am

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@38.0-4%3Farch=el5_11

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4496.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4496.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-4496

reference_id

reference_type

scores

value	0.01513
scoring_system	epss
scoring_elements	0.81249
published_at	2026-04-16T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81149
published_at	2026-04-01T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81158
published_at	2026-04-02T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81182
published_at	2026-04-04T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81181
published_at	2026-04-07T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81208
published_at	2026-04-08T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81214
published_at	2026-04-09T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81234
published_at	2026-04-11T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.8122
published_at	2026-04-12T12:55:00Z

value	0.01513
scoring_system	epss
scoring_elements	0.81213
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-4496

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1253550
reference_id	1253550
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1253550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4496
reference_id	CVE-2015-4496
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4496

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-93

reference_id

mfsa2015-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-93

reference_url	https://access.redhat.com/errata/RHSA-2015:0988
reference_id	RHSA-2015:0988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0988

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et32-whyj-dyev

Vulnerability Instance