MidnightBSD

Advisories for scipy

CVE-2013-4251 MEDIUM

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
debian debian_linux 8.0
fedoraproject fedora 20
redhat enterprise_linux 6.0
fedoraproject fedora 18
fedoraproject fedora 19
scipy scipy *
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2023-25399

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

Products Affected

Vendor Product Version
scipy scipy *
CVE-2023-29824

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.

Products Affected

Vendor Product Version
scipy scipy *