Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ayaa-beyt-xkcu
Summary Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Aliases
0
alias CVE-2018-12900
Fixed_packages
0
url pkg:deb/debian/tiff@4.0.10-4?distro=trixie
purl pkg:deb/debian/tiff@4.0.10-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.10-4%3Fdistro=trixie
1
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qdp-vzrd-uqgc
1
vulnerability VCID-5zvp-ysut-juep
2
vulnerability VCID-6hf4-rc1a-pbg6
3
vulnerability VCID-6v96-k8cs-13f7
4
vulnerability VCID-92dt-g6m8-fufk
5
vulnerability VCID-anfx-xj8v-kfg8
6
vulnerability VCID-c7nt-5d64-kkev
7
vulnerability VCID-d52s-g5c7-qka3
8
vulnerability VCID-fbks-9s7e-wfcj
9
vulnerability VCID-gyvd-4m8g-jkdu
10
vulnerability VCID-hhgz-j76b-k7d4
11
vulnerability VCID-kxdc-8rht-vfdy
12
vulnerability VCID-n3p5-9ykg-sufd
13
vulnerability VCID-nwgs-pqj7-xkbs
14
vulnerability VCID-su9v-ewt3-6ua8
15
vulnerability VCID-xg35-8jbc-wqa4
16
vulnerability VCID-xms6-c2j7-hfh8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5%3Fdistro=trixie
2
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qdp-vzrd-uqgc
1
vulnerability VCID-5zvp-ysut-juep
2
vulnerability VCID-6hf4-rc1a-pbg6
3
vulnerability VCID-6v96-k8cs-13f7
4
vulnerability VCID-92dt-g6m8-fufk
5
vulnerability VCID-c7nt-5d64-kkev
6
vulnerability VCID-cpk7-uyvf-3kb6
7
vulnerability VCID-d52s-g5c7-qka3
8
vulnerability VCID-fbks-9s7e-wfcj
9
vulnerability VCID-gyvd-4m8g-jkdu
10
vulnerability VCID-kxdc-8rht-vfdy
11
vulnerability VCID-n3p5-9ykg-sufd
12
vulnerability VCID-nwgs-pqj7-xkbs
13
vulnerability VCID-su9v-ewt3-6ua8
14
vulnerability VCID-xg35-8jbc-wqa4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4%3Fdistro=trixie
3
url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qdp-vzrd-uqgc
1
vulnerability VCID-6hf4-rc1a-pbg6
2
vulnerability VCID-92dt-g6m8-fufk
3
vulnerability VCID-fbks-9s7e-wfcj
4
vulnerability VCID-n3p5-9ykg-sufd
5
vulnerability VCID-su9v-ewt3-6ua8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/tiff@4.7.1-2?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2%3Fdistro=trixie
Affected_packages
0
url pkg:rpm/redhat/libtiff@4.0.3-32?arch=el7
purl pkg:rpm/redhat/libtiff@4.0.3-32?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-631h-1ukc-2kbr
1
vulnerability VCID-6bqr-yf8y-xba6
2
vulnerability VCID-6vbx-9hme-ckgy
3
vulnerability VCID-7fq4-rz4j-nye3
4
vulnerability VCID-ayaa-beyt-xkcu
5
vulnerability VCID-eys7-uqtb-k3hf
6
vulnerability VCID-pf7r-7sdb-ayfk
7
vulnerability VCID-tu3t-rdy1-eqa7
8
vulnerability VCID-uran-x628-rffb
9
vulnerability VCID-zw8d-7hse-1fe1
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtiff@4.0.3-32%3Farch=el7
1
url pkg:rpm/redhat/libtiff@4.0.9-15?arch=el8
purl pkg:rpm/redhat/libtiff@4.0.9-15?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayaa-beyt-xkcu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtiff@4.0.9-15%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12900.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12900.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12900
reference_id
reference_type
scores
0
value 0.09894
scoring_system epss
scoring_elements 0.93143
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12900
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595575
reference_id 1595575
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1595575
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902718
reference_id 902718
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902718
4
reference_url https://access.redhat.com/errata/RHSA-2019:2053
reference_id RHSA-2019:2053
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2053
5
reference_url https://access.redhat.com/errata/RHSA-2019:3419
reference_id RHSA-2019:3419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3419
Weaknesses
0
cwe_id 122
name Heap-based Buffer Overflow
description A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Exploits
Severity_range_score 5.3 - 5.3
Exploitability 0.5
Weighted_severity 4.8
Risk_score 2.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ayaa-beyt-xkcu