Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-t16b-mbs7-wfc1

Summary libwebp: heap-based buffer overflow in PutLE16()

Aliases

alias	CVE-2018-25011

Fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1?distro=trixie
purl	pkg:deb/debian/libwebp@0.6.1-2.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%3Fdistro=trixie

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

url	pkg:deb/debian/libwebp@1.2.4-0.2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libwebp@1.2.4-0.2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@1.2.4-0.2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libwebp@1.5.0-0.1?distro=trixie
purl	pkg:deb/debian/libwebp@1.5.0-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@1.5.0-0.1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/libwebp@0.1.3-3%2Bnmu1

purl pkg:deb/debian/libwebp@0.1.3-3%2Bnmu1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-edjd-xk1f-gkgg

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-y1t9-28vr-euep

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.1.3-3%252Bnmu1

url pkg:deb/debian/libwebp@0.4.1-1.2

purl pkg:deb/debian/libwebp@0.4.1-1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-edjd-xk1f-gkgg

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-y1t9-28vr-euep

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.4.1-1.2

url pkg:deb/debian/libwebp@0.5.2-1

purl pkg:deb/debian/libwebp@0.5.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.5.2-1

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url pkg:rpm/redhat/libwebp@0.3.0-10?arch=el7_9

purl pkg:rpm/redhat/libwebp@0.3.0-10?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-t16b-mbs7-wfc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libwebp@0.3.0-10%3Farch=el7_9

url pkg:rpm/redhat/libwebp@1.0.0-3?arch=el8_4

purl pkg:rpm/redhat/libwebp@1.0.0-3?arch=el8_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-t16b-mbs7-wfc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libwebp@1.0.0-3%3Farch=el8_4

url pkg:rpm/redhat/libwebp@1.0.0-4?arch=el8_1

purl pkg:rpm/redhat/libwebp@1.0.0-4?arch=el8_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-t16b-mbs7-wfc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libwebp@1.0.0-4%3Farch=el8_1

url pkg:rpm/redhat/libwebp@1.0.0-4?arch=el8_2

purl pkg:rpm/redhat/libwebp@1.0.0-4?arch=el8_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-t16b-mbs7-wfc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libwebp@1.0.0-4%3Farch=el8_2

url pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2?arch=el7_9

purl pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-t16b-mbs7-wfc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2%3Farch=el7_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25011.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25011.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25011

reference_id

reference_type

scores

value	0.00376
scoring_system	epss
scoring_elements	0.59067
published_at	2026-04-01T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.5914
published_at	2026-04-02T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59164
published_at	2026-04-04T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59128
published_at	2026-04-07T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59179
published_at	2026-04-08T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59192
published_at	2026-04-09T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59211
published_at	2026-04-11T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59194
published_at	2026-04-12T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59175
published_at	2026-04-13T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.5921
published_at	2026-04-16T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59215
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956919
reference_id	1956919
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956919

reference_url	https://access.redhat.com/errata/RHSA-2021:2260
reference_id	RHSA-2021:2260
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2260

reference_url	https://access.redhat.com/errata/RHSA-2021:2328
reference_id	RHSA-2021:2328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2328

reference_url	https://access.redhat.com/errata/RHSA-2021:2354
reference_id	RHSA-2021:2354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2354

reference_url	https://access.redhat.com/errata/RHSA-2021:2364
reference_id	RHSA-2021:2364
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2364

reference_url	https://access.redhat.com/errata/RHSA-2021:2365
reference_id	RHSA-2021:2365
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2365

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

Weaknesses

cwe_id	787
name	Out-of-bounds Write
description	The product writes data past the end, or before the beginning, of the intended buffer.

Exploits

Severity_range_score 9.8 - 9.8

Exploitability 0.5

Weighted_severity 8.8

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t16b-mbs7-wfc1

Vulnerability Instance