Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-m6zd-sa8b-4yf1

Summary In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

Aliases

alias	CVE-2018-8976

alias	PYSEC-2018-146

Fixed_packages

url	pkg:deb/debian/exiv2@0.27.2-6?distro=trixie
purl	pkg:deb/debian/exiv2@0.27.2-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie

url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5m46-2feu-yuh1

vulnerability	VCID-9nxb-v8b8-bkcf

vulnerability	VCID-bpyz-ymzy-zufs

vulnerability	VCID-cs4q-3rwr-vke4

vulnerability	VCID-jtxa-kc5c-z7cr

vulnerability	VCID-p48j-jh17-7fa9

vulnerability	VCID-pxbv-ypp8-wkfs

vulnerability	VCID-yyhh-t98b-cyen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie

purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5m46-2feu-yuh1

vulnerability	VCID-9nxb-v8b8-bkcf

vulnerability	VCID-bpyz-ymzy-zufs

vulnerability	VCID-cs4q-3rwr-vke4

vulnerability	VCID-jtxa-kc5c-z7cr

vulnerability	VCID-p48j-jh17-7fa9

vulnerability	VCID-yyhh-t98b-cyen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie

url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9nxb-v8b8-bkcf

vulnerability	VCID-bpyz-ymzy-zufs

vulnerability	VCID-cs4q-3rwr-vke4

vulnerability	VCID-p48j-jh17-7fa9

vulnerability	VCID-yyhh-t98b-cyen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:ebuild/media-gfx/exiv2@0.26_p20180811-r3
purl	pkg:ebuild/media-gfx/exiv2@0.26_p20180811-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-gfx/exiv2@0.26_p20180811-r3

Affected_packages

References

reference_url

https://access.redhat.com/errata/RHSA-2019:2101

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/errata/RHSA-2019:2101

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8976

reference_id

reference_type

scores

value	0.00608
scoring_system	epss
scoring_elements	0.70035
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8976

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/Exiv2/exiv2/issues/246

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://github.com/Exiv2/exiv2/issues/246

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html

reference_url

https://security.gentoo.org/glsa/201811-14

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://security.gentoo.org/glsa/201811-14

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903813
reference_id	903813
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903813

Weaknesses

Exploits

Severity_range_score 3.3 - 6.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6zd-sa8b-4yf1

Vulnerability Instance