Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1036070?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1036070?format=api", "purl": "pkg:deb/debian/lcms2@2.6-3", "type": "deb", "namespace": "debian", "name": "lcms2", "version": "2.6-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.9-3", "latest_non_vulnerable_version": "2.9-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56798?format=api", "vulnerability_id": "VCID-b55y-jddy-bybn", "summary": "A heap-based buffer overflow in LittleCMS might allow remote\n attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16435.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16435.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63561", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63647", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63606", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63658", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63641", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63687", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.6367", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16083", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16083" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17457" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628969", "reference_id": "1628969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628969" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907983", "reference_id": "907983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907983" }, { "reference_url": "https://security.gentoo.org/glsa/202105-18", "reference_id": "GLSA-202105-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3004", "reference_id": "RHSA-2018:3004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3004" }, { "reference_url": "https://usn.ubuntu.com/3770-1/", "reference_id": "USN-3770-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3770-1/" }, { "reference_url": "https://usn.ubuntu.com/3770-2/", "reference_id": "USN-3770-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3770-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037084?format=api", "purl": "pkg:deb/debian/lcms2@2.8-4%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b55y-jddy-bybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.8-4%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052914?format=api", "purl": "pkg:deb/debian/lcms2@2.9-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.9-3" } ], "aliases": [ "CVE-2018-16435" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b55y-jddy-bybn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81335?format=api", "vulnerability_id": "VCID-xayg-2xtc-r7ej", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.7519", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75255", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75253", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75193", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75276", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01182", "scoring_system": "epss", "scoring_elements": "0.78782", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01182", "scoring_system": "epss", "scoring_elements": "0.7881", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:P" }, { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367357", "reference_id": "1367357", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367357" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852627", "reference_id": "852627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2079", "reference_id": "RHSA-2016:2079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2658", "reference_id": "RHSA-2016:2658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2999", "reference_id": "RHSA-2017:2999", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3046", "reference_id": "RHSA-2017:3046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3264", "reference_id": "RHSA-2017:3264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3267", "reference_id": "RHSA-2017:3267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3268", "reference_id": "RHSA-2017:3268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3453", "reference_id": "RHSA-2017:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "reference_url": "https://usn.ubuntu.com/3770-1/", "reference_id": "USN-3770-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3770-1/" }, { "reference_url": "https://usn.ubuntu.com/3770-2/", "reference_id": "USN-3770-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3770-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036071?format=api", "purl": "pkg:deb/debian/lcms2@2.6-3%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b55y-jddy-bybn" }, { "vulnerability": "VCID-xayg-2xtc-r7ej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.6-3%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037084?format=api", "purl": "pkg:deb/debian/lcms2@2.8-4%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b55y-jddy-bybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.8-4%252Bdeb9u1" } ], "aliases": [ "CVE-2016-10165" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xayg-2xtc-r7ej" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86645?format=api", "vulnerability_id": "VCID-1hjr-dusc-5fbg", "summary": "CMS: multiple potential flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4160.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78123", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78007", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78014", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78043", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78026", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78057", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78083", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78066", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78097", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78096", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.7809", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714529", "reference_id": "714529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714529" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=985137", "reference_id": "985137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=985137" }, { "reference_url": "https://usn.ubuntu.com/1911-1/", "reference_id": "USN-1911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1911-1/" }, { "reference_url": "https://usn.ubuntu.com/1911-2/", "reference_id": "USN-1911-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1911-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036070?format=api", "purl": "pkg:deb/debian/lcms2@2.6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b55y-jddy-bybn" }, { "vulnerability": "VCID-xayg-2xtc-r7ej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.6-3" } ], "aliases": [ "CVE-2013-4160" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hjr-dusc-5fbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85182?format=api", "vulnerability_id": "VCID-89z9-rr31-37cc", "summary": "lcms2: double free on error recovering", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7455.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7455.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.94632", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.94623", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.94627", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.94573", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.9458", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.94587", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.9459", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.946", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.94604", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.94607", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.15231", "scoring_system": "epss", "scoring_elements": "0.9461", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7455" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db" }, { "reference_url": "https://penteston.com/OSVDB-105462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://penteston.com/OSVDB-105462" }, { "reference_url": "http://www.kb.cert.org/vuls/id/369800", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.kb.cert.org/vuls/id/369800" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2961-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2961-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332518", "reference_id": "1332518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332518" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:littlecms:little_cms_color_engine:2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:littlecms:little_cms_color_engine:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:little_cms_color_engine:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7455", "reference_id": "CVE-2013-7455", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7455" }, { "reference_url": "https://usn.ubuntu.com/2961-1/", "reference_id": "USN-2961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036070?format=api", "purl": "pkg:deb/debian/lcms2@2.6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b55y-jddy-bybn" }, { "vulnerability": "VCID-xayg-2xtc-r7ej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.6-3" } ], "aliases": [ "CVE-2013-7455" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89z9-rr31-37cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41409?format=api", "vulnerability_id": "VCID-kwu7-a77q-2fea", "summary": "Multiple buffer overflow flaws and a parser error in LittleCMS\n could cause Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0459.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86477", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86487", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86506", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86535", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.8655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86541", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86556", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86562", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86555", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02988", "scoring_system": "epss", "scoring_elements": "0.86573", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087444", "reference_id": "1087444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745471", "reference_id": "745471", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745471" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://security.gentoo.org/glsa/201412-46", "reference_id": "GLSA-201412-46", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-46" }, { "reference_url": "https://security.gentoo.org/glsa/201502-12", "reference_id": "GLSA-201502-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0406", "reference_id": "RHSA-2014:0406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0407", "reference_id": "RHSA-2014:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0412", "reference_id": "RHSA-2014:0412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0413", "reference_id": "RHSA-2014:0413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0486", "reference_id": "RHSA-2014:0486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0675", "reference_id": "RHSA-2014:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0705", "reference_id": "RHSA-2014:0705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0705" }, { "reference_url": "https://usn.ubuntu.com/2187-1/", "reference_id": "USN-2187-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2187-1/" }, { "reference_url": "https://usn.ubuntu.com/2191-1/", "reference_id": "USN-2191-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2191-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036070?format=api", "purl": "pkg:deb/debian/lcms2@2.6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b55y-jddy-bybn" }, { "vulnerability": "VCID-xayg-2xtc-r7ej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.6-3" } ], "aliases": [ "CVE-2014-0459" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwu7-a77q-2fea" } ], "risk_score": "3.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lcms2@2.6-3" }