CVE-2021-41496

Publication date 17 December 2021

Last updated 4 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.5 · Medium

Score breakdown

Description

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)

Status

Package Ubuntu Release Status
numpy 23.04 lunar
Not affected
22.10 kinetic
Fixed 1:1.21.5-1ubuntu22.10.1
22.04 LTS jammy
Fixed 1:1.21.5-1ubuntu22.04.1
21.10 impish Ignored end of life
21.04 hirsute Ignored end of life
20.04 LTS focal
Fixed 1:1.17.4-5ubuntu3.1
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Ignored end of standard support

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
numpy

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.5 · Medium

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-5763-1
    • NumPy vulnerabilities
    • 7 December 2022

Other references

Access our resources on patching vulnerabilities