Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6daw-xvw5-tyfw
Summary
Use After Free
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Aliases
0
alias CVE-2023-0799
Fixed_packages
0
url pkg:conan/libtiff@4.5.0
purl pkg:conan/libtiff@4.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8pzd-tzc6-w7a8
1
vulnerability VCID-arvt-qqf4-wbg2
2
vulnerability VCID-d52s-g5c7-qka3
3
vulnerability VCID-dgyb-2jpx-7ber
4
vulnerability VCID-g46h-2sqe-xkbk
5
vulnerability VCID-q39u-5dd6-qyd2
6
vulnerability VCID-trbp-mf1m-6kbm
7
vulnerability VCID-y3yu-p8ng-buhc
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0
Affected_packages
0
url pkg:conan/libtiff@4.4.0
purl pkg:conan/libtiff@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chc-4dg7-eyah
1
vulnerability VCID-2q3f-jw6b-w7dp
2
vulnerability VCID-6daw-xvw5-tyfw
3
vulnerability VCID-6rz4-7zc4-bfcd
4
vulnerability VCID-bhkq-eqaw-1fba
5
vulnerability VCID-ccsd-p6nq-93ae
6
vulnerability VCID-n6xy-jdpr-tfbq
7
vulnerability VCID-pnp2-whuf-w3d7
8
vulnerability VCID-rben-hn5u-kqdh
9
vulnerability VCID-tynz-dfpk-6kgb
10
vulnerability VCID-xms6-c2j7-hfh8
11
vulnerability VCID-yfgk-2pdu-w3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0
References
0
reference_url https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
reference_id
reference_type
scores
url https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
1
reference_url https://gitlab.com/libtiff/libtiff/-/issues/494
reference_id
reference_type
scores
url https://gitlab.com/libtiff/libtiff/-/issues/494
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0799
reference_id CVE-2023-0799
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0799
3
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json
reference_id CVE-2023-0799.JSON
reference_type
scores
url https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 416
name Use After Free
description Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6daw-xvw5-tyfw