VulnerableCode Package Details - pkg:deb/debian/glance@2:12.0.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-g1mf-hrds-bubz	OpenStack Image Service (Glance) vulnerable to Improper Access Control OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.	CVE-2016-0757 GHSA-5xrj-ghhp-hx7p
VCID-zy9m-d25c-5uga	OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.	CVE-2015-5162 GHSA-g2j5-7vgx-6xrx

Vulnerability

Summary

Aliases

VCID-g1mf-hrds-bubz

OpenStack Image Service (Glance) vulnerable to Improper Access Control OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

CVE-2016-0757
GHSA-5xrj-ghhp-hx7p

VCID-zy9m-d25c-5uga

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.

CVE-2015-5162
GHSA-g2j5-7vgx-6xrx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:54:48.830143+00:00	Debian Importer	Fixing	VCID-zy9m-d25c-5uga	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:29:37.197454+00:00	Debian Importer	Fixing	VCID-g1mf-hrds-bubz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:07:55.298028+00:00	Debian Importer	Fixing	VCID-zy9m-d25c-5uga	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:53.248864+00:00	Debian Importer	Fixing	VCID-g1mf-hrds-bubz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:25:14.197128+00:00	Debian Importer	Fixing	VCID-g1mf-hrds-bubz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:13.988739+00:00	Debian Importer	Fixing	VCID-zy9m-d25c-5uga	https://security-tracker.debian.org/tracker/data/json	38.1.0