The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 20 |
| redhat | enterprise_linux | 6.0 |
| fedoraproject | fedora | 18 |
| fedoraproject | fedora | 19 |
| scipy | scipy | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| scipy | scipy | * |
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| scipy | scipy | * |