Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-r4jf-wda3-tqe6
SummaryPDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Aliases
0
alias CVE-2024-42358
Fixed_packages
0
url pkg:deb/debian/ippsample@0.0~git20220215.f365352-1?distro=sid
purl pkg:deb/debian/ippsample@0.0~git20220215.f365352-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ippsample@0.0~git20220215.f365352-1%3Fdistro=sid
1
url pkg:deb/debian/ippsample@0.0~git20220607.72f89b3-1?distro=sid
purl pkg:deb/debian/ippsample@0.0~git20220607.72f89b3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ippsample@0.0~git20220607.72f89b3-1%3Fdistro=sid
2
url pkg:deb/debian/ippsample@0.0.0~git20220215.f365352-2?distro=sid
purl pkg:deb/debian/ippsample@0.0.0~git20220215.f365352-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ippsample@0.0.0~git20220215.f365352-2%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42358
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.55009
published_at 2026-06-11T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.55131
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42358
1
reference_url https://github.com/michaelrsweet/pdfio/commit/e4e1c39578279386b0ab9f9ac14b20a8bad4f935
reference_id e4e1c39578279386b0ab9f9ac14b20a8bad4f935
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-06T18:33:07Z/
url https://github.com/michaelrsweet/pdfio/commit/e4e1c39578279386b0ab9f9ac14b20a8bad4f935
2
reference_url https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-4hh9-j68x-8353
reference_id GHSA-4hh9-j68x-8353
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-06T18:33:07Z/
url https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-4hh9-j68x-8353
Weaknesses
0
cwe_id 835
name Loop with Unreachable Exit Condition ('Infinite Loop')
description The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Exploits
Severity_range_score6.2 - 6.2
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-r4jf-wda3-tqe6