CVE-2017-12852

Name: CVE-2017-12852
Description: The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allow attackers to cause a DoS attack.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 872407

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| python-numpy (PTS) | jessie | 1:1.8.2-2 | vulnerable |
| | stretch | 1:1.12.1-3 | vulnerable |
| | buster | 1:1.16.2-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| python-numpy | source | (unstable) | 1:1.14.3-1 | unimportant | | 872407 |

Notes

https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
Negligible security impact
