Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037649?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037649?format=api", "purl": "pkg:deb/debian/texlive-bin@2016.20160513.41080.dfsg-2%2Bdeb9u1", "type": "deb", "namespace": "debian", "name": "texlive-bin", "version": "2016.20160513.41080.dfsg-2+deb9u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2026.20260303.78225+ds-1", "latest_non_vulnerable_version": "2026.20260303.78225+ds-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59405?format=api", "vulnerability_id": "VCID-3gpv-93qp-bfhn", "summary": "A vulnerability in Kpathsea allows remote attackers to execute\n arbitrary commands by manipulating the -tex option from mpost program.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10243.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10243.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92969", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.93008", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92994", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92999", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92997", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92978", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92982", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92981", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09885", "scoring_system": "epss", "scoring_elements": "0.92989", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/" }, { "reference_url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/" }, { "reference_url": "https://www.tug.org/svn/texlive?view=revision&revision=42605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tug.org/svn/texlive?view=revision&revision=42605" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3803" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/05/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/05/1" }, { "reference_url": "http://www.securityfocus.com/bid/96593", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96593" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429452", "reference_id": "1429452", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429452" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10243", "reference_id": "CVE-2016-10243", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10243" }, { "reference_url": "https://security.gentoo.org/glsa/201709-07", "reference_id": "GLSA-201709-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-07" }, { "reference_url": "https://usn.ubuntu.com/3401-1/", "reference_id": "USN-3401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053587?format=api", "purl": "pkg:deb/debian/texlive-bin@2020.20200327.54578-7%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47dt-fhqh-pkag" }, { "vulnerability": "VCID-bqqh-5311-w7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2020.20200327.54578-7%252Bdeb11u1" } ], "aliases": [ "CVE-2016-10243" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpv-93qp-bfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95537?format=api", "vulnerability_id": "VCID-47dt-fhqh-pkag", "summary": "LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18111", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17864", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17951", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18011", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18028", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17983", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17876", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32668" }, { "reference_url": "https://tug.org/pipermail/tex-live/2023-May/049188.html", "reference_id": "049188.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/" } ], "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036470", "reference_id": "1036470", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036470" }, { "reference_url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0", "reference_id": "1.17.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/" } ], "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0" }, { "reference_url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3", "reference_id": "ChangeLog#L1-L3", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/" } ], "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3" }, { "reference_url": "https://tug.org/~mseven/luatex.html#luasocket", "reference_id": "luatex.html#luasocket", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/" } ], "url": "https://tug.org/~mseven/luatex.html#luasocket" }, { "reference_url": "https://usn.ubuntu.com/6695-1/", "reference_id": "USN-6695-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6695-1/" }, { "reference_url": "https://usn.ubuntu.com/7985-1/", "reference_id": "USN-7985-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7985-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994443?format=api", "purl": "pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15kj-emtf-vbag" }, { "vulnerability": "VCID-22hs-pt9p-fbdn" }, { "vulnerability": "VCID-24vd-syhs-gbhc" }, { "vulnerability": "VCID-261q-t1h8-bufj" }, { "vulnerability": "VCID-2pzz-h5vd-wyah" }, { "vulnerability": "VCID-2unr-76q5-y7aw" }, { "vulnerability": "VCID-3a9d-3kme-73d2" }, { "vulnerability": "VCID-3v18-r2f3-1qdv" }, { "vulnerability": "VCID-4cy9-447q-mbf3" }, { "vulnerability": "VCID-4f2u-sskp-zkhu" }, { "vulnerability": "VCID-4ses-k1k7-9ycz" }, { "vulnerability": "VCID-4z3j-9yy6-u3eb" }, { "vulnerability": "VCID-5p9e-n6p5-mudd" }, { "vulnerability": "VCID-6fwt-gfj6-j7av" }, { "vulnerability": "VCID-72m2-st3u-uyfm" }, { "vulnerability": "VCID-76vf-yebs-mkg8" }, { "vulnerability": "VCID-7x9j-31fq-hkg2" }, { "vulnerability": "VCID-86bc-apbh-sbbn" }, { "vulnerability": "VCID-88vn-jepe-33c1" }, { "vulnerability": "VCID-8qwb-455y-bbcp" }, { "vulnerability": "VCID-8xnh-5jb4-uygz" }, { "vulnerability": "VCID-911d-pbx5-4qge" }, { "vulnerability": "VCID-97ds-z5dk-6kbu" }, { "vulnerability": "VCID-9e9z-hm4a-37ab" }, { "vulnerability": "VCID-9mn1-e4dm-nfhd" }, { "vulnerability": "VCID-a6an-r3tj-93ge" }, { "vulnerability": "VCID-ast7-b75m-7uh3" }, { "vulnerability": "VCID-bdbb-4kgq-y7ad" }, { "vulnerability": "VCID-bdke-da3n-37hw" }, { "vulnerability": "VCID-bw8n-jvsd-bqe9" }, { "vulnerability": "VCID-d4tp-mmgz-6udh" }, { "vulnerability": "VCID-dcjs-7eyq-a7gn" }, { "vulnerability": "VCID-e8ev-axf6-dbc3" }, { "vulnerability": "VCID-ecbh-vzp4-x7dr" }, { "vulnerability": "VCID-eeet-mw7y-rudx" }, { "vulnerability": "VCID-euy5-4h8q-hyb3" }, { "vulnerability": "VCID-fbkh-5sb9-auc5" }, { "vulnerability": "VCID-fkft-abbt-6ydx" }, { "vulnerability": "VCID-fymb-bvn2-p7ej" }, { "vulnerability": "VCID-fz4x-mcwe-aqgf" }, { "vulnerability": "VCID-gh4u-68x5-27db" }, { "vulnerability": "VCID-gsk7-273v-qfdz" }, { "vulnerability": "VCID-h73f-kd2u-5yg3" }, { "vulnerability": "VCID-hd3g-vc2p-4fhf" }, { "vulnerability": "VCID-hqv6-gney-2fgw" }, { "vulnerability": "VCID-hx8f-h823-kkhr" }, { "vulnerability": "VCID-jahu-d9d6-jbbt" }, { "vulnerability": "VCID-jxh3-k3es-bqah" }, { "vulnerability": "VCID-k5ue-ga1d-q7gv" }, { "vulnerability": "VCID-knp7-hye9-a3gv" }, { "vulnerability": "VCID-m7rd-mh53-bycu" }, { "vulnerability": "VCID-mm9w-wmdz-qye4" }, { "vulnerability": "VCID-msch-wzj9-h7ga" }, { "vulnerability": "VCID-n68j-881x-3uhp" }, { "vulnerability": "VCID-nckm-umvv-3qcn" }, { "vulnerability": "VCID-nk95-xdjm-vyfq" }, { "vulnerability": "VCID-nucx-up6e-ayb8" }, { "vulnerability": "VCID-nvrx-x1qs-vkdb" }, { "vulnerability": "VCID-p973-cuza-tuhp" }, { "vulnerability": "VCID-q4qv-tq4j-3uh2" }, { "vulnerability": "VCID-qdek-hd55-hbe2" }, { "vulnerability": "VCID-qjxs-qf6j-zycc" }, { "vulnerability": "VCID-rrqw-zrh2-33dn" }, { "vulnerability": "VCID-rype-ss6b-aude" }, { "vulnerability": "VCID-su1a-e49q-pffw" }, { "vulnerability": "VCID-t8bs-vvts-47ag" }, { "vulnerability": "VCID-tqm6-8w98-q3dr" }, { "vulnerability": "VCID-tz15-rmx4-pkdq" }, { "vulnerability": "VCID-u9ur-b18b-gfhr" }, { "vulnerability": "VCID-utve-4z7c-tkhk" }, { "vulnerability": "VCID-v7pb-brn7-v7ah" }, { "vulnerability": "VCID-v9pk-ecc9-yqbm" }, { "vulnerability": "VCID-vfty-pe45-pya4" }, { "vulnerability": "VCID-vk2y-ftzh-sqgh" }, { "vulnerability": "VCID-whjt-pvqp-jycr" }, { "vulnerability": "VCID-whmq-gsw4-sbgg" }, { "vulnerability": "VCID-wngf-qn2d-ykef" }, { "vulnerability": "VCID-ws93-jgn7-83c8" }, { "vulnerability": "VCID-xfy6-snb8-63av" }, { "vulnerability": "VCID-xrgb-9dwh-mubm" }, { "vulnerability": "VCID-xxn1-2trx-myhs" }, { "vulnerability": "VCID-xzdx-45tg-w7ft" }, { "vulnerability": "VCID-y2pg-cgqs-s3gb" }, { "vulnerability": "VCID-y4qh-ek9n-cyc1" }, { "vulnerability": "VCID-ys96-uhkv-2qgv" }, { "vulnerability": "VCID-zbsq-dfju-mkf5" }, { "vulnerability": "VCID-zqjn-srqb-kfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%252Bdeb12u2" } ], "aliases": [ "CVE-2023-32668" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47dt-fhqh-pkag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78403?format=api", "vulnerability_id": "VCID-9kvx-465q-fkam", "summary": "texlive: arbitrary code execution allows document complied with older version", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32700.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32700.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62214", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62309", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62244", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.6221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.6226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62277", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62296", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62264", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32700" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32700" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://tug.org/pipermail/tex-live/2023-May/049188.html", "reference_id": "049188.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/" } ], "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html" }, { "reference_url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0", "reference_id": "1.17.0", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/" } ], "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208943", "reference_id": "2208943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208943" }, { "reference_url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984", "reference_id": "build-svn66984", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/" } ], "url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984" }, { "reference_url": "https://tug.org/~mseven/luatex.html", "reference_id": "luatex.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/" } ], "url": "https://tug.org/~mseven/luatex.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3661", "reference_id": "RHSA-2023:3661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3661" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/", "reference_id": "RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/", "reference_id": "TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/" }, { "reference_url": "https://usn.ubuntu.com/6115-1/", "reference_id": "USN-6115-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6115-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053587?format=api", "purl": "pkg:deb/debian/texlive-bin@2020.20200327.54578-7%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47dt-fhqh-pkag" }, { "vulnerability": "VCID-bqqh-5311-w7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2020.20200327.54578-7%252Bdeb11u1" } ], "aliases": [ "CVE-2023-32700" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvx-465q-fkam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95988?format=api", "vulnerability_id": "VCID-bqqh-5311-w7ca", "summary": "texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34521", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34545", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34548", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34484", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34578", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34605", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34473", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34516", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25262" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064517", "reference_id": "1064517", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064517" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912", "reference_id": "2047912", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T18:34:50Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912" }, { "reference_url": "https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co", "reference_id": "ChangeLog?revision=69605&view=co", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T18:34:50Z/" } ], "url": "https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co" }, { "reference_url": "https://usn.ubuntu.com/6695-1/", "reference_id": "USN-6695-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6695-1/" }, { "reference_url": "https://usn.ubuntu.com/7985-1/", "reference_id": "USN-7985-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7985-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994443?format=api", "purl": "pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15kj-emtf-vbag" }, { "vulnerability": "VCID-22hs-pt9p-fbdn" }, { "vulnerability": "VCID-24vd-syhs-gbhc" }, { "vulnerability": "VCID-261q-t1h8-bufj" }, { "vulnerability": "VCID-2pzz-h5vd-wyah" }, { "vulnerability": "VCID-2unr-76q5-y7aw" }, { "vulnerability": "VCID-3a9d-3kme-73d2" }, { "vulnerability": "VCID-3v18-r2f3-1qdv" }, { "vulnerability": "VCID-4cy9-447q-mbf3" }, { "vulnerability": "VCID-4f2u-sskp-zkhu" }, { "vulnerability": "VCID-4ses-k1k7-9ycz" }, { "vulnerability": "VCID-4z3j-9yy6-u3eb" }, { "vulnerability": "VCID-5p9e-n6p5-mudd" }, { "vulnerability": "VCID-6fwt-gfj6-j7av" }, { "vulnerability": "VCID-72m2-st3u-uyfm" }, { "vulnerability": "VCID-76vf-yebs-mkg8" }, { "vulnerability": "VCID-7x9j-31fq-hkg2" }, { "vulnerability": "VCID-86bc-apbh-sbbn" }, { "vulnerability": "VCID-88vn-jepe-33c1" }, { "vulnerability": "VCID-8qwb-455y-bbcp" }, { "vulnerability": "VCID-8xnh-5jb4-uygz" }, { "vulnerability": "VCID-911d-pbx5-4qge" }, { "vulnerability": "VCID-97ds-z5dk-6kbu" }, { "vulnerability": "VCID-9e9z-hm4a-37ab" }, { "vulnerability": "VCID-9mn1-e4dm-nfhd" }, { "vulnerability": "VCID-a6an-r3tj-93ge" }, { "vulnerability": "VCID-ast7-b75m-7uh3" }, { "vulnerability": "VCID-bdbb-4kgq-y7ad" }, { "vulnerability": "VCID-bdke-da3n-37hw" }, { "vulnerability": "VCID-bw8n-jvsd-bqe9" }, { "vulnerability": "VCID-d4tp-mmgz-6udh" }, { "vulnerability": "VCID-dcjs-7eyq-a7gn" }, { "vulnerability": "VCID-e8ev-axf6-dbc3" }, { "vulnerability": "VCID-ecbh-vzp4-x7dr" }, { "vulnerability": "VCID-eeet-mw7y-rudx" }, { "vulnerability": "VCID-euy5-4h8q-hyb3" }, { "vulnerability": "VCID-fbkh-5sb9-auc5" }, { "vulnerability": "VCID-fkft-abbt-6ydx" }, { "vulnerability": "VCID-fymb-bvn2-p7ej" }, { "vulnerability": "VCID-fz4x-mcwe-aqgf" }, { "vulnerability": "VCID-gh4u-68x5-27db" }, { "vulnerability": "VCID-gsk7-273v-qfdz" }, { "vulnerability": "VCID-h73f-kd2u-5yg3" }, { "vulnerability": "VCID-hd3g-vc2p-4fhf" }, { "vulnerability": "VCID-hqv6-gney-2fgw" }, { "vulnerability": "VCID-hx8f-h823-kkhr" }, { "vulnerability": "VCID-jahu-d9d6-jbbt" }, { "vulnerability": "VCID-jxh3-k3es-bqah" }, { "vulnerability": "VCID-k5ue-ga1d-q7gv" }, { "vulnerability": "VCID-knp7-hye9-a3gv" }, { "vulnerability": "VCID-m7rd-mh53-bycu" }, { "vulnerability": "VCID-mm9w-wmdz-qye4" }, { "vulnerability": "VCID-msch-wzj9-h7ga" }, { "vulnerability": "VCID-n68j-881x-3uhp" }, { "vulnerability": "VCID-nckm-umvv-3qcn" }, { "vulnerability": "VCID-nk95-xdjm-vyfq" }, { "vulnerability": "VCID-nucx-up6e-ayb8" }, { "vulnerability": "VCID-nvrx-x1qs-vkdb" }, { "vulnerability": "VCID-p973-cuza-tuhp" }, { "vulnerability": "VCID-q4qv-tq4j-3uh2" }, { "vulnerability": "VCID-qdek-hd55-hbe2" }, { "vulnerability": "VCID-qjxs-qf6j-zycc" }, { "vulnerability": "VCID-rrqw-zrh2-33dn" }, { "vulnerability": "VCID-rype-ss6b-aude" }, { "vulnerability": "VCID-su1a-e49q-pffw" }, { "vulnerability": "VCID-t8bs-vvts-47ag" }, { "vulnerability": "VCID-tqm6-8w98-q3dr" }, { "vulnerability": "VCID-tz15-rmx4-pkdq" }, { "vulnerability": "VCID-u9ur-b18b-gfhr" }, { "vulnerability": "VCID-utve-4z7c-tkhk" }, { "vulnerability": "VCID-v7pb-brn7-v7ah" }, { "vulnerability": "VCID-v9pk-ecc9-yqbm" }, { "vulnerability": "VCID-vfty-pe45-pya4" }, { "vulnerability": "VCID-vk2y-ftzh-sqgh" }, { "vulnerability": "VCID-whjt-pvqp-jycr" }, { "vulnerability": "VCID-whmq-gsw4-sbgg" }, { "vulnerability": "VCID-wngf-qn2d-ykef" }, { "vulnerability": "VCID-ws93-jgn7-83c8" }, { "vulnerability": "VCID-xfy6-snb8-63av" }, { "vulnerability": "VCID-xrgb-9dwh-mubm" }, { "vulnerability": "VCID-xxn1-2trx-myhs" }, { "vulnerability": "VCID-xzdx-45tg-w7ft" }, { "vulnerability": "VCID-y2pg-cgqs-s3gb" }, { "vulnerability": "VCID-y4qh-ek9n-cyc1" }, { "vulnerability": "VCID-ys96-uhkv-2qgv" }, { "vulnerability": "VCID-zbsq-dfju-mkf5" }, { "vulnerability": "VCID-zqjn-srqb-kfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%252Bdeb12u2" } ], "aliases": [ "CVE-2024-25262" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqqh-5311-w7ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94089?format=api", "vulnerability_id": "VCID-tju2-c87e-5kcx", "summary": "In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41958", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41908", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41851", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41944", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41871", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41922", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41933", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41921", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18604" }, { "reference_url": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axodraw2_project:axodraw2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:axodraw2_project:axodraw2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axodraw2_project:axodraw2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axohelp.c_project:axohelp.c:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:axohelp.c_project:axohelp.c:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axohelp.c_project:axohelp.c:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18604", "reference_id": "CVE-2019-18604", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18604" }, { "reference_url": "https://usn.ubuntu.com/6695-1/", "reference_id": "USN-6695-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6695-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053587?format=api", "purl": "pkg:deb/debian/texlive-bin@2020.20200327.54578-7%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47dt-fhqh-pkag" }, { "vulnerability": "VCID-bqqh-5311-w7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2020.20200327.54578-7%252Bdeb11u1" } ], "aliases": [ "CVE-2019-18604" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tju2-c87e-5kcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74711?format=api", "vulnerability_id": "VCID-z8b6-9u9h-gkcp", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17407.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17407.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.8009", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80166", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80144", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80105", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80134", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.8016", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17407" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632802", "reference_id": "1632802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632802" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909317", "reference_id": "909317", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909317" }, { "reference_url": "https://security.archlinux.org/ASA-201812-4", "reference_id": "ASA-201812-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201812-4" }, { "reference_url": "https://security.archlinux.org/AVG-770", "reference_id": "AVG-770", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1036", "reference_id": "RHSA-2020:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1036" }, { "reference_url": "https://usn.ubuntu.com/3788-1/", "reference_id": "USN-3788-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3788-1/" }, { "reference_url": "https://usn.ubuntu.com/3788-2/", "reference_id": "USN-3788-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3788-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053586?format=api", "purl": "pkg:deb/debian/texlive-bin@2018.20181218.49446-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gpv-93qp-bfhn" }, { "vulnerability": "VCID-47dt-fhqh-pkag" }, { "vulnerability": "VCID-9kvx-465q-fkam" }, { "vulnerability": "VCID-bqqh-5311-w7ca" }, { "vulnerability": "VCID-tju2-c87e-5kcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2018.20181218.49446-1" } ], "aliases": [ "CVE-2018-17407" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8b6-9u9h-gkcp" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74711?format=api", "vulnerability_id": "VCID-z8b6-9u9h-gkcp", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17407.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17407.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.8009", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80166", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80144", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80105", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80134", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.8016", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17407" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632802", "reference_id": "1632802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632802" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909317", "reference_id": "909317", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909317" }, { "reference_url": "https://security.archlinux.org/ASA-201812-4", "reference_id": "ASA-201812-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201812-4" }, { "reference_url": "https://security.archlinux.org/AVG-770", "reference_id": "AVG-770", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1036", "reference_id": "RHSA-2020:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1036" }, { "reference_url": "https://usn.ubuntu.com/3788-1/", "reference_id": "USN-3788-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3788-1/" }, { "reference_url": "https://usn.ubuntu.com/3788-2/", "reference_id": "USN-3788-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3788-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037649?format=api", "purl": "pkg:deb/debian/texlive-bin@2016.20160513.41080.dfsg-2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gpv-93qp-bfhn" }, { "vulnerability": "VCID-47dt-fhqh-pkag" }, { "vulnerability": "VCID-9kvx-465q-fkam" }, { "vulnerability": "VCID-bqqh-5311-w7ca" }, { "vulnerability": "VCID-tju2-c87e-5kcx" }, { "vulnerability": "VCID-z8b6-9u9h-gkcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2016.20160513.41080.dfsg-2%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1053586?format=api", "purl": "pkg:deb/debian/texlive-bin@2018.20181218.49446-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gpv-93qp-bfhn" }, { "vulnerability": "VCID-47dt-fhqh-pkag" }, { "vulnerability": "VCID-9kvx-465q-fkam" }, { "vulnerability": "VCID-bqqh-5311-w7ca" }, { "vulnerability": "VCID-tju2-c87e-5kcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2018.20181218.49446-1" } ], "aliases": [ "CVE-2018-17407" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8b6-9u9h-gkcp" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2016.20160513.41080.dfsg-2%252Bdeb9u1" }