VulnerableCode Package Details - pkg:deb/debian/netsurf@2.9-2

Search for packages

Package details: pkg:deb/debian/netsurf@2.9-2

Essentials
History (31)

purl	pkg:deb/debian/netsurf@2.9-2

Next non-vulnerable version	3.6-3.1
Latest non-vulnerable version	3.6-3.1
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-141q-nxrb-aaaa Aliases: CVE-2015-7506	The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.	3.6-3.1 Affected by 0 other vulnerabilities.
VCID-2n1m-xefr-aaah Aliases: CVE-2015-7507	libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.	3.6-3.1 Affected by 0 other vulnerabilities.
VCID-4qww-3wn9-aaag Aliases: CVE-2014-3566	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.	3.6-3.1 Affected by 0 other vulnerabilities.
VCID-g9x9-6gp2-aaah Aliases: CVE-2015-7508	Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.	3.6-3.1 Affected by 0 other vulnerabilities.
VCID-hq6u-kq61-aaap Aliases: CVE-2015-7505	Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.	3.6-3.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-r1ec-rnpb-aaas	Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.	CVE-2012-0844

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:56:01.367647+00:00	Debian Oval Importer	Affected by	VCID-g9x9-6gp2-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T04:39:33.796070+00:00	Debian Oval Importer	Affected by	VCID-141q-nxrb-aaaa	None	36.1.3
2025-06-21T04:29:28.986676+00:00	Debian Oval Importer	Affected by	VCID-2n1m-xefr-aaah	None	36.1.3
2025-06-21T04:02:13.847540+00:00	Debian Oval Importer	Affected by	VCID-hq6u-kq61-aaap	None	36.1.3
2025-06-21T02:42:29.150701+00:00	Debian Oval Importer	Affected by	VCID-g9x9-6gp2-aaah	None	36.1.3
2025-06-21T02:39:19.733714+00:00	Debian Oval Importer	Affected by	VCID-4qww-3wn9-aaag	None	36.1.3
2025-06-21T01:35:53.466930+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	None	36.1.3
2025-06-08T12:58:44.096276+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:23:26.979672+00:00	Debian Oval Importer	Affected by	VCID-hq6u-kq61-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T11:25:30.480575+00:00	Debian Oval Importer	Affected by	VCID-g9x9-6gp2-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-07T22:16:19.880299+00:00	Debian Oval Importer	Affected by	VCID-141q-nxrb-aaaa	None	36.1.0
2025-06-07T22:05:51.276998+00:00	Debian Oval Importer	Affected by	VCID-2n1m-xefr-aaah	None	36.1.0
2025-06-07T21:37:34.660795+00:00	Debian Oval Importer	Affected by	VCID-hq6u-kq61-aaap	None	36.1.0
2025-06-07T20:07:52.410269+00:00	Debian Oval Importer	Affected by	VCID-g9x9-6gp2-aaah	None	36.1.0
2025-06-07T20:04:09.122427+00:00	Debian Oval Importer	Affected by	VCID-4qww-3wn9-aaag	None	36.1.0
2025-06-07T18:58:57.102851+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	None	36.1.0
2025-04-12T22:22:43.916603+00:00	Debian Oval Importer	Affected by	VCID-141q-nxrb-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:22:14.831496+00:00	Debian Oval Importer	Affected by	VCID-4qww-3wn9-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:11:28.816084+00:00	Debian Oval Importer	Affected by	VCID-2n1m-xefr-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:46:03.852119+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:09:30.889272+00:00	Debian Oval Importer	Affected by	VCID-hq6u-kq61-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:09:37.753188+00:00	Debian Oval Importer	Affected by	VCID-g9x9-6gp2-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-07T20:47:50.785472+00:00	Debian Oval Importer	Affected by	VCID-141q-nxrb-aaaa	None	36.0.0
2025-04-07T20:37:08.349701+00:00	Debian Oval Importer	Affected by	VCID-2n1m-xefr-aaah	None	36.0.0
2025-04-07T20:07:06.865037+00:00	Debian Oval Importer	Affected by	VCID-hq6u-kq61-aaap	None	36.0.0
2025-04-07T18:44:48.944678+00:00	Debian Oval Importer	Affected by	VCID-g9x9-6gp2-aaah	None	36.0.0
2025-04-07T18:41:32.950627+00:00	Debian Oval Importer	Affected by	VCID-4qww-3wn9-aaag	None	36.0.0
2025-04-07T17:36:48.304071+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	None	36.0.0
2024-11-28T19:12:16.882616+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-10-14T04:29:08.747573+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-09-21T05:59:33.049916+00:00	Debian Oval Importer	Fixing	VCID-r1ec-rnpb-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1