Python/numpy/1.7.0


Fundamental package for array computing in Python

https://pypi.org/project/numpy
BSD

7 Security Vulnerabilities

Numpy arbitrary file write via symlink attack

Published date: 2022-05-14T01:08:34Z
CVE: CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

Affected versions: ["1.3.0", "1.4.1", "0.9.8", "1.0", "1.0.4", "1.5.1", "1.6.0", "1.0b4", "1.8.0", "0.9.6", "1.0b5", "1.0rc3", "1.4.0", "1.7.0", "1.7.1", "1.0b1", "1.2.1", "1.5.0", "1.6.1", "1.7.2", "1.0.3", "1.0rc1", "1.0rc2", "1.1.1", "1.2.0", "1.6.2"]
Secure versions: [1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.23.0, 1.23.0rc1, 1.23.0rc2, 1.23.0rc3, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.24.0, 1.24.0rc1, 1.24.0rc2, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.25.0, 1.25.0rc1, 1.25.1, 1.25.2, 1.26.0, 1.26.0b1, 1.26.0rc1, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 2.0.0, 2.0.0b1, 2.0.0rc1, 2.0.0rc2, 2.0.1, 2.0.2, 2.1.0, 2.1.0rc1, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.0rc1, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.0rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0rc1, 2.4.1, 2.4.2, 2.4.3, 2.4.4]
Recommendation: Update to version 2.4.4.

NumPy NULL Pointer Dereference

Published date: 2022-02-08T00:00:56Z
CVE: CVE-2021-41495

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.

Affected versions: ["1.10.0", "1.13.0rc1", "1.14.0", "1.14.0rc1", "1.16.0", "1.16.6", "1.17.2", "1.18.3", "1.3.0", "1.4.1", "0.9.8", "1.0", "1.10.1", "1.11.2", "1.12.0", "1.16.2", "1.16.3", "1.17.4", "1.18.0", "1.18.5", "1.0.4", "1.10.3", "1.11.0", "1.11.3", "1.14.3", "1.14.6", "1.15.0rc2", "1.16.0rc1", "1.16.5", "1.17.0rc2", "1.18.2", "1.5.1", "1.6.0", "1.0b4", "1.10.2", "1.12.1", "1.13.3", "1.14.1", "1.15.1", "1.17.3", "1.8.0", "1.9.3", "0.9.6", "1.0b5", "1.0rc3", "1.10.4", "1.13.0rc2", "1.14.5", "1.15.0", "1.15.3", "1.15.4", "1.17.1", "1.18.0rc1", "1.18.4", "1.4.0", "1.11.1", "1.17.0rc1", "1.7.0", "1.7.1", "1.8.1", "1.9.1", "1.9.2", "1.0b1", "1.13.1", "1.14.4", "1.16.1", "1.16.4", "1.17.0", "1.2.1", "1.5.0", "1.6.1", "1.7.2", "1.0.3", "1.0rc1", "1.0rc2", "1.1.1", "1.13.0", "1.14.2", "1.15.0rc1", "1.15.2", "1.16.0rc2", "1.17.5", "1.18.1", "1.2.0", "1.6.2", "1.8.2", "1.9.0"]
Secure versions: [1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.23.0, 1.23.0rc1, 1.23.0rc2, 1.23.0rc3, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.24.0, 1.24.0rc1, 1.24.0rc2, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.25.0, 1.25.0rc1, 1.25.1, 1.25.2, 1.26.0, 1.26.0b1, 1.26.0rc1, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 2.0.0, 2.0.0b1, 2.0.0rc1, 2.0.0rc2, 2.0.1, 2.0.2, 2.1.0, 2.1.0rc1, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.0rc1, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.0rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0rc1, 2.4.1, 2.4.2, 2.4.3, 2.4.4]
Recommendation: Update to version 2.4.4.

Numpy Deserialization of Untrusted Data

Published date: 2022-05-24T22:00:57Z
CVE: CVE-2019-6446

** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

Affected versions: ["1.10.0", "1.13.0rc1", "1.14.0", "1.14.0rc1", "1.16.0", "1.3.0", "1.4.1", "0.9.8", "1.0", "1.10.1", "1.11.2", "1.12.0", "1.0.4", "1.10.3", "1.11.0", "1.11.3", "1.14.3", "1.14.6", "1.15.0rc2", "1.16.0rc1", "1.5.1", "1.6.0", "1.0b4", "1.10.2", "1.12.1", "1.13.3", "1.14.1", "1.15.1", "1.8.0", "1.9.3", "0.9.6", "1.0b5", "1.0rc3", "1.10.4", "1.13.0rc2", "1.14.5", "1.15.0", "1.15.3", "1.15.4", "1.4.0", "1.11.1", "1.7.0", "1.7.1", "1.8.1", "1.9.1", "1.9.2", "1.0b1", "1.13.1", "1.14.4", "1.2.1", "1.5.0", "1.6.1", "1.7.2", "1.0.3", "1.0rc1", "1.0rc2", "1.1.1", "1.13.0", "1.14.2", "1.15.0rc1", "1.15.2", "1.16.0rc2", "1.2.0", "1.6.2", "1.8.2", "1.9.0"]
Secure versions: [1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.23.0, 1.23.0rc1, 1.23.0rc2, 1.23.0rc3, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.24.0, 1.24.0rc1, 1.24.0rc2, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.25.0, 1.25.0rc1, 1.25.1, 1.25.2, 1.26.0, 1.26.0b1, 1.26.0rc1, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 2.0.0, 2.0.0b1, 2.0.0rc1, 2.0.0rc2, 2.0.1, 2.0.2, 2.1.0, 2.1.0rc1, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.0rc1, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.0rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0rc1, 2.4.1, 2.4.2, 2.4.3, 2.4.4]
Recommendation: Update to version 2.4.4.

Arbitrary file write in NumPy

Published date: 2022-05-14T03:48:04Z
CVE: CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

Affected versions: ["1.3.0", "1.4.1", "0.9.8", "1.0", "1.0.4", "1.5.1", "1.6.0", "1.0b4", "1.8.0", "0.9.6", "1.0b5", "1.0rc3", "1.4.0", "1.7.0", "1.7.1", "1.0b1", "1.2.1", "1.5.0", "1.6.1", "1.7.2", "1.0.3", "1.0rc1", "1.0rc2", "1.1.1", "1.2.0", "1.6.2"]
Secure versions: [1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.23.0, 1.23.0rc1, 1.23.0rc2, 1.23.0rc3, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.24.0, 1.24.0rc1, 1.24.0rc2, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.25.0, 1.25.0rc1, 1.25.1, 1.25.2, 1.26.0, 1.26.0b1, 1.26.0rc1, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 2.0.0, 2.0.0b1, 2.0.0rc1, 2.0.0rc2, 2.0.1, 2.0.2, 2.1.0, 2.1.0rc1, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.0rc1, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.0rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0rc1, 2.4.1, 2.4.2, 2.4.3, 2.4.4]
Recommendation: Update to version 2.4.4.

Buffer Copy without Checking Size of Input in NumPy

Published date: 2022-02-08T00:00:56Z
CVE: CVE-2021-41496

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values.

Affected versions: ["1.10.0", "1.13.0rc1", "1.14.0", "1.14.0rc1", "1.16.0", "1.16.6", "1.17.2", "1.18.3", "1.3.0", "1.4.1", "0.9.8", "1.0", "1.10.1", "1.11.2", "1.12.0", "1.16.2", "1.16.3", "1.17.4", "1.18.0", "1.18.5", "1.0.4", "1.10.3", "1.11.0", "1.11.3", "1.14.3", "1.14.6", "1.15.0rc2", "1.16.0rc1", "1.16.5", "1.17.0rc2", "1.18.2", "1.5.1", "1.6.0", "1.0b4", "1.10.2", "1.12.1", "1.13.3", "1.14.1", "1.15.1", "1.17.3", "1.8.0", "1.9.3", "0.9.6", "1.0b5", "1.0rc3", "1.10.4", "1.13.0rc2", "1.14.5", "1.15.0", "1.15.3", "1.15.4", "1.17.1", "1.18.0rc1", "1.18.4", "1.4.0", "1.11.1", "1.17.0rc1", "1.7.0", "1.7.1", "1.8.1", "1.9.1", "1.9.2", "1.0b1", "1.13.1", "1.14.4", "1.16.1", "1.16.4", "1.17.0", "1.2.1", "1.5.0", "1.6.1", "1.7.2", "1.0.3", "1.0rc1", "1.0rc2", "1.1.1", "1.13.0", "1.14.2", "1.15.0rc1", "1.15.2", "1.16.0rc2", "1.17.5", "1.18.1", "1.2.0", "1.6.2", "1.8.2", "1.9.0"]
Secure versions: [1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.23.0, 1.23.0rc1, 1.23.0rc2, 1.23.0rc3, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.24.0, 1.24.0rc1, 1.24.0rc2, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.25.0, 1.25.0rc1, 1.25.1, 1.25.2, 1.26.0, 1.26.0b1, 1.26.0rc1, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 2.0.0, 2.0.0b1, 2.0.0rc1, 2.0.0rc2, 2.0.1, 2.0.2, 2.1.0, 2.1.0rc1, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.0rc1, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.0rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0rc1, 2.4.1, 2.4.2, 2.4.3, 2.4.4]
Recommendation: Update to version 2.4.4.

Incorrect Comparison in NumPy

Published date: 2021-12-18T00:00:41Z
CVE: CVE-2021-34141

Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to make the APIs fail by constructing specific string objects.

Affected versions: ["1.10.0", "1.13.0rc1", "1.14.0", "1.14.0rc1", "1.16.0", "1.16.6", "1.17.2", "1.18.3", "1.3.0", "1.4.1", "0.9.8", "1.0", "1.10.1", "1.11.2", "1.12.0", "1.16.2", "1.16.3", "1.17.4", "1.18.0", "1.18.5", "1.19.0rc1", "1.20.1", "1.0.4", "1.10.3", "1.11.0", "1.11.3", "1.14.3", "1.14.6", "1.15.0rc2", "1.16.0rc1", "1.16.5", "1.17.0rc2", "1.18.2", "1.19.0rc2", "1.19.1", "1.5.1", "1.6.0", "1.0b4", "1.10.2", "1.12.1", "1.13.3", "1.14.1", "1.15.1", "1.17.3", "1.19.4", "1.8.0", "1.9.3", "0.9.6", "1.0b5", "1.0rc3", "1.10.4", "1.13.0rc2", "1.14.5", "1.15.0", "1.15.3", "1.15.4", "1.17.1", "1.18.0rc1", "1.18.4", "1.4.0", "1.11.1", "1.17.0rc1", "1.19.0", "1.7.0", "1.7.1", "1.8.1", "1.9.1", "1.9.2", "1.0b1", "1.13.1", "1.14.4", "1.16.1", "1.16.4", "1.17.0", "1.19.2", "1.19.3", "1.2.1", "1.20.2", "1.5.0", "1.6.1", "1.7.2", "1.0.3", "1.0rc1", "1.0rc2", "1.1.1", "1.13.0", "1.14.2", "1.15.0rc1", "1.15.2", "1.16.0rc2", "1.17.5", "1.18.1", "1.19.5", "1.2.0", "1.20.0", "1.20.0rc1", "1.20.0rc2", "1.6.2", "1.8.2", "1.9.0", "1.20.3", "1.21.0rc1", "1.21.0rc2", "1.21.0", "1.21.1", "1.21.2", "1.21.3", "1.21.4", "1.22.0rc1", "1.22.0rc2", "1.21.5", "1.22.0rc3", "1.21.6"]
Secure versions: [1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.23.0, 1.23.0rc1, 1.23.0rc2, 1.23.0rc3, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.24.0, 1.24.0rc1, 1.24.0rc2, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.25.0, 1.25.0rc1, 1.25.1, 1.25.2, 1.26.0, 1.26.0b1, 1.26.0rc1, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 2.0.0, 2.0.0b1, 2.0.0rc1, 2.0.0rc2, 2.0.1, 2.0.2, 2.1.0, 2.1.0rc1, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.0rc1, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.0rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0rc1, 2.4.1, 2.4.2, 2.4.3, 2.4.4]
Recommendation: Update to version 2.4.4.

Numpy missing input validation

Published date: 2022-05-13T01:42:46Z
CVE: CVE-2017-12852

The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allow attackers to cause a DoS attack.

Affected versions: ["1.10.0", "1.13.0rc1", "1.3.0", "1.4.1", "0.9.8", "1.0", "1.10.1", "1.11.2", "1.12.0", "1.0.4", "1.10.3", "1.11.0", "1.11.3", "1.5.1", "1.6.0", "1.0b4", "1.10.2", "1.12.1", "1.8.0", "1.9.3", "0.9.6", "1.0b5", "1.0rc3", "1.10.4", "1.13.0rc2", "1.4.0", "1.11.1", "1.7.0", "1.7.1", "1.8.1", "1.9.1", "1.9.2", "1.0b1", "1.13.1", "1.2.1", "1.5.0", "1.6.1", "1.7.2", "1.0.3", "1.0rc1", "1.0rc2", "1.1.1", "1.13.0", "1.2.0", "1.6.2", "1.8.2", "1.9.0"]
Secure versions: [1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.23.0, 1.23.0rc1, 1.23.0rc2, 1.23.0rc3, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.24.0, 1.24.0rc1, 1.24.0rc2, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.25.0, 1.25.0rc1, 1.25.1, 1.25.2, 1.26.0, 1.26.0b1, 1.26.0rc1, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 2.0.0, 2.0.0b1, 2.0.0rc1, 2.0.0rc2, 2.0.1, 2.0.2, 2.1.0, 2.1.0rc1, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.0rc1, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.3.0, 2.3.0rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0rc1, 2.4.1, 2.4.2, 2.4.3, 2.4.4]
Recommendation: Update to version 2.4.4.

177 Other Versions

Version License Security Released
1.17.2 BSD 4 2019-09-07 - 00:00 over 6 years
1.17.1 BSD 4 2019-08-27 - 00:20 over 6 years
1.17.0 BSD 4 2019-07-26 - 18:16 over 6 years
1.17.0rc2 BSD 4 2019-07-16 - 14:24 over 6 years
1.17.0rc1 BSD 4 2019-06-30 - 21:06 almost 7 years
1.16.6 BSD 4 2019-12-29 - 22:23 over 6 years
1.16.5 BSD 4 2019-08-28 - 01:11 over 6 years
1.16.4 BSD 4 2019-05-28 - 18:53 almost 7 years
1.16.3 BSD 4 2019-04-22 - 01:23 almost 7 years
1.16.2 BSD 4 2019-02-26 - 19:10 about 7 years
1.16.1 BSD 4 2019-01-31 - 23:13 about 7 years
1.16.0 BSD 5 2019-01-14 - 02:39 about 7 years
1.16.0rc2 BSD 5 2019-01-05 - 01:01 over 7 years
1.16.0rc1 BSD 5 2018-12-20 - 15:13 over 7 years
1.15.4 BSD 5 2018-11-04 - 16:20 over 7 years
1.15.3 BSD 5 2018-10-22 - 17:10 over 7 years
1.15.2 BSD 5 2018-09-23 - 12:12 over 7 years
1.15.1 BSD 5 2018-08-21 - 19:28 over 7 years
1.15.0 BSD 5 2018-07-23 - 16:03 over 7 years
1.15.0rc2 BSD 5 2018-07-09 - 21:04 over 7 years
1.15.0rc1 BSD 5 2018-06-21 - 16:13 almost 8 years
1.14.6 BSD 5 2018-09-23 - 16:50 over 7 years
1.14.5 BSD 5 2018-06-12 - 22:28 almost 8 years
1.14.4 BSD 5 2018-06-06 - 17:00 almost 8 years
1.14.3 BSD 5 2018-04-28 - 15:56 almost 8 years
1.14.2 BSD 5 2018-03-12 - 17:49 about 8 years
1.14.1 BSD 5 2018-02-21 - 00:18 about 8 years
1.14.0 BSD 5 2018-01-06 - 23:35 about 8 years
1.14.0rc1 BSD 5 2017-12-13 - 20:20 over 8 years
1.13.3 BSD 5 2017-09-30 - 20:05 over 8 years
1.13.1 BSD 6 2017-07-07 - 01:27 over 8 years
1.13.0 BSD 6 2017-06-07 - 18:53 almost 9 years
1.13.0rc2 BSD 6 2017-05-18 - 20:38 almost 9 years
1.13.0rc1 BSD 6 2017-05-11 - 00:37 almost 9 years
1.12.1 BSD 6 2017-03-18 - 16:59 about 9 years
1.12.0 BSD 6 2017-01-15 - 23:22 about 9 years
1.11.3 BSD 6 2016-12-19 - 01:03 over 9 years
1.11.2 BSD 6 2016-10-04 - 01:11 over 9 years
1.11.1 BSD 6 2016-06-26 - 13:55 almost 10 years
1.11.0 BSD 6 2016-03-27 - 21:03 about 10 years
1.10.4 BSD 6 2016-04-20 - 01:18 almost 10 years
1.10.3 BSD 6 2016-04-20 - 03:58 almost 10 years
1.10.2 BSD 6 2016-04-20 - 04:04 almost 10 years
1.10.1 BSD 6 2016-04-20 - 04:09 almost 10 years
1.10.0 BSD 6 2016-04-20 - 04:13 almost 10 years
1.9.3 BSD 6 2016-04-20 - 01:37 almost 10 years
1.9.2 BSD 6 2016-04-20 - 04:15 almost 10 years
1.9.1 BSD 6 2016-04-20 - 04:17 almost 10 years
1.9.0 BSD 6 2016-04-20 - 04:19 almost 10 years
1.8.2 BSD 5 2016-04-20 - 01:39 almost 10 years