Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-e36z-3vcv-8qaw
Vulnerability ID VCID-e36z-3vcv-8qaw
Aliases CVE-2012-3444
GHSA-5h2q-4hrp-v9rr
PYSEC-2012-4
Summary The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0119 https://api.first.org/data/v1/epss?cve=CVE-2012-3444
epss 0.0119 https://api.first.org/data/v1/epss?cve=CVE-2012-3444
epss 0.0119 https://api.first.org/data/v1/epss?cve=CVE-2012-3444
epss 0.0119 https://api.first.org/data/v1/epss?cve=CVE-2012-3444
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-5h2q-4hrp-v9rr
cvssv3.1 7.5 https://github.com/django/django
cvssv4 8.7 https://github.com/django/django
generic_textual HIGH https://github.com/django/django
cvssv3.1 7.5 https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
cvssv4 8.7 https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
generic_textual HIGH https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
cvssv3.1 7.5 https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446
cvssv4 8.7 https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446
generic_textual HIGH https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446
cvssv3.1 7.5 https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141
cvssv4 8.7 https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141
generic_textual HIGH https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141
cvssv3.1 7.5 https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6
cvssv4 8.7 https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6
generic_textual HIGH https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6
cvssv3.1 7.5 https://github.com/django/django/commit/dd16b17099b7d86f27773df048c5014cf439b282
cvssv4 8.7 https://github.com/django/django/commit/dd16b17099b7d86f27773df048c5014cf439b282
generic_textual HIGH https://github.com/django/django/commit/dd16b17099b7d86f27773df048c5014cf439b282
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-4.yaml
cvssv4 8.7 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-4.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-4.yaml
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2012-3444
cvssv4 8.7 https://nvd.nist.gov/vuln/detail/CVE-2012-3444
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2012-3444
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
cvssv4 8.7 https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
generic_textual HIGH https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
cvssv3.1 7.5 http://www.debian.org/security/2012/dsa-2529
cvssv4 8.7 http://www.debian.org/security/2012/dsa-2529
generic_textual HIGH http://www.debian.org/security/2012/dsa-2529
cvssv3.1 7.5 http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
cvssv4 8.7 http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
generic_textual HIGH http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2012/07/31/1
cvssv4 8.7 http://www.openwall.com/lists/oss-security/2012/07/31/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2012/07/31/1
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2012/07/31/2
cvssv4 8.7 http://www.openwall.com/lists/oss-security/2012/07/31/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2012/07/31/2
cvssv3.1 7.5 http://www.ubuntu.com/usn/USN-1560-1
cvssv4 8.7 http://www.ubuntu.com/usn/USN-1560-1
generic_textual HIGH http://www.ubuntu.com/usn/USN-1560-1
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2012-3444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3444
https://github.com/advisories/GHSA-5h2q-4hrp-v9rr
https://github.com/django/django
https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446
https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141
https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6
https://github.com/django/django/commit/dd16b17099b7d86f27773df048c5014cf439b282
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-4.yaml
https://nvd.nist.gov/vuln/detail/CVE-2012-3444
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
http://www.debian.org/security/2012/dsa-2529
http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
http://www.openwall.com/lists/oss-security/2012/07/31/1
http://www.openwall.com/lists/oss-security/2012/07/31/2
http://www.ubuntu.com/usn/USN-1560-1
683364 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683364
USN-1560-1 https://usn.ubuntu.com/1560-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/django/django
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/dd16b17099b7d86f27773df048c5014cf439b282
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/django/django/commit/dd16b17099b7d86f27773df048c5014cf439b282
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-4.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-4.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2012-3444
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-3444
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.debian.org/security/2012/dsa-2529
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at http://www.debian.org/security/2012/dsa-2529
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2012/07/31/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at http://www.openwall.com/lists/oss-security/2012/07/31/1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2012/07/31/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at http://www.openwall.com/lists/oss-security/2012/07/31/2
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.ubuntu.com/usn/USN-1560-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at http://www.ubuntu.com/usn/USN-1560-1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.79246
EPSS Score 0.0119
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:24:45.141795+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0