Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/gnumeric@1.8.3-5%2Blenny1

Type deb

Namespace debian

Name gnumeric

Version 1.8.3-5+lenny1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.12.18-2

Latest_non_vulnerable_version 1.12.18-2

Affected_by_vulnerabilities

url VCID-8c6b-6hbz-y3hc

vulnerability_id VCID-8c6b-6hbz-y3hc

summary Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6836

reference_id

reference_type

scores

value	0.01156
scoring_system	epss
scoring_elements	0.78509
published_at	2026-04-01T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78515
published_at	2026-04-02T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78545
published_at	2026-04-04T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78529
published_at	2026-04-07T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78555
published_at	2026-04-08T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.7856
published_at	2026-04-09T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78585
published_at	2026-04-18T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78566
published_at	2026-04-12T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78558
published_at	2026-04-13T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78587
published_at	2026-04-16T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78582
published_at	2026-04-21T12:55:00Z

value	0.01156
scoring_system	epss
scoring_elements	0.78615
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6836

fixed_packages

url	pkg:deb/debian/gnumeric@1.12.18-2
purl	pkg:deb/debian/gnumeric@1.12.18-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnumeric@1.12.18-2

aliases CVE-2013-6836

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8c6b-6hbz-y3hc

url VCID-jnt2-3jj4-17cw

vulnerability_id VCID-jnt2-3jj4-17cw

summary

An untrusted search path vulnerability in Gnumeric might result in the
    execution of arbitrary code.

references

reference_url	http://bugzilla.gnome.org/show_bug.cgi?id=569648
reference_id
reference_type
scores
url	http://bugzilla.gnome.org/show_bug.cgi?id=569648

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0318.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0318.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-0318

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.206
published_at	2026-04-24T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2076
published_at	2026-04-01T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20908
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20968
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20682
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20758
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20819
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20837
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20794
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20742
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20732
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20726
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20714
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-0318

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0318
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0318

reference_url	http://secunia.com/advisories/33707
reference_id
reference_type
scores
url	http://secunia.com/advisories/33707

reference_url	http://secunia.com/advisories/33823
reference_id
reference_type
scores
url	http://secunia.com/advisories/33823

reference_url	http://security.gentoo.org/glsa/glsa-200904-03.xml
reference_id
reference_type
scores
url	http://security.gentoo.org/glsa/glsa-200904-03.xml

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00211.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00211.html

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2009:043
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2009:043

reference_url	http://www.openwall.com/lists/oss-security/2009/01/26/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2009/01/26/2

reference_url	http://www.securityfocus.com/bid/33438
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/33438

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=481572
reference_id	481572
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=481572

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513418
reference_id	513418
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513418

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gnumeric::::::::
reference_id	cpe:2.3:a:gnome:gnumeric::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gnumeric::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-0318

reference_id

CVE-2009-0318

reference_type

scores

value	6.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:C/I:C/A:C

url

https://nvd.nist.gov/vuln/detail/CVE-2009-0318

reference_url	https://security.gentoo.org/glsa/200904-03
reference_id	GLSA-200904-03
reference_type
scores
url	https://security.gentoo.org/glsa/200904-03

fixed_packages

url pkg:deb/debian/gnumeric@1.10.8-1squeeze5

purl pkg:deb/debian/gnumeric@1.10.8-1squeeze5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8c6b-6hbz-y3hc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnumeric@1.10.8-1squeeze5

aliases CVE-2009-0318

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jnt2-3jj4-17cw

Fixing_vulnerabilities

url VCID-2kke-w7x2-5yaw

vulnerability_id VCID-2kke-w7x2-5yaw

summary

Several integer overflow vulnerabilities have been reported in Gnumeric,
    possibly resulting in user-assisted execution of arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0668.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0668.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-0668

reference_id

reference_type

scores

value	0.07512
scoring_system	epss
scoring_elements	0.91762
published_at	2026-04-01T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91771
published_at	2026-04-02T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91777
published_at	2026-04-04T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91784
published_at	2026-04-07T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91797
published_at	2026-04-08T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91804
published_at	2026-04-09T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91807
published_at	2026-04-11T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91809
published_at	2026-04-12T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91805
published_at	2026-04-13T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91824
published_at	2026-04-16T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91817
published_at	2026-04-21T12:55:00Z

value	0.07512
scoring_system	epss
scoring_elements	0.91823
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-0668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0668

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=431226
reference_id	431226
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=431226

reference_url	https://security.gentoo.org/glsa/200802-05
reference_id	GLSA-200802-05
reference_type
scores
url	https://security.gentoo.org/glsa/200802-05

reference_url	https://usn.ubuntu.com/604-1/
reference_id	USN-604-1
reference_type
scores
url	https://usn.ubuntu.com/604-1/

fixed_packages

url pkg:deb/debian/gnumeric@1.8.3-5%2Blenny1

purl pkg:deb/debian/gnumeric@1.8.3-5%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8c6b-6hbz-y3hc

vulnerability	VCID-jnt2-3jj4-17cw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnumeric@1.8.3-5%252Blenny1

aliases CVE-2008-0668

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2kke-w7x2-5yaw

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnumeric@1.8.3-5%252Blenny1

Package Instance