Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/158018?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/158018?format=api", "purl": "pkg:rpm/redhat/ImageMagick@6.7.8.9-15?arch=el7_2", "type": "rpm", "namespace": "redhat", "name": "ImageMagick", "version": "6.7.8.9-15", "qualifiers": { "arch": "el7_2" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71658?format=api", "vulnerability_id": "VCID-8bqx-wacm-syaq", "summary": "The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5240.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5240.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01408", "scoring_system": "epss", "scoring_elements": "0.80826", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01408", "scoring_system": "epss", "scoring_elements": "0.80853", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01408", "scoring_system": "epss", "scoring_elements": "0.80855", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01408", "scoring_system": "epss", "scoring_elements": "0.80852", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01408", "scoring_system": "epss", "scoring_elements": "0.80849", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2318" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7997", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333417", "reference_id": "1333417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1237", "reference_id": "RHSA-2016:1237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1237" } ], "fixed_packages": [], "aliases": [ "CVE-2016-5240" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqx-wacm-syaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72866?format=api", "vulnerability_id": "VCID-9t2e-m89f-e3hd", "summary": "The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8897.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45488", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45556", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45561", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45541", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45516", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8897" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344271", "reference_id": "1344271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1237", "reference_id": "RHSA-2016:1237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "reference_url": "https://usn.ubuntu.com/3131-1/", "reference_id": "USN-3131-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3131-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2015-8897" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9t2e-m89f-e3hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72867?format=api", "vulnerability_id": "VCID-aujq-7h89-2fab", "summary": "The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8898.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36859", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36951", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36957", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36923", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36885", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8898" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344264", "reference_id": "1344264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1237", "reference_id": "RHSA-2016:1237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "reference_url": "https://usn.ubuntu.com/3131-1/", "reference_id": "USN-3131-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3131-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2015-8898" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aujq-7h89-2fab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72864?format=api", "vulnerability_id": "VCID-jfwg-1ajy-zycy", "summary": "Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8895.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8895.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81275", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81303", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81305", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81299", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8895" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269553", "reference_id": "1269553", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269553" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806441", "reference_id": "806441", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1237", "reference_id": "RHSA-2016:1237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "reference_url": "https://usn.ubuntu.com/3131-1/", "reference_id": "USN-3131-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3131-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2015-8895" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfwg-1ajy-zycy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72865?format=api", "vulnerability_id": "VCID-jusk-fbj9-rbfb", "summary": "Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8896.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.6828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68321", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68329", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68306", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8896" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8896" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269562", "reference_id": "1269562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806441", "reference_id": "806441", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1237", "reference_id": "RHSA-2016:1237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "reference_url": "https://usn.ubuntu.com/3131-1/", "reference_id": "USN-3131-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3131-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2015-8896" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jusk-fbj9-rbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71657?format=api", "vulnerability_id": "VCID-upv8-hfqa-z7eq", "summary": "The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5239.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76362", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.7639", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76391", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76382", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.7637", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334188", "reference_id": "1334188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1237", "reference_id": "RHSA-2016:1237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1237" } ], "fixed_packages": [], "aliases": [ "CVE-2016-5239" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upv8-hfqa-z7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71656?format=api", "vulnerability_id": "VCID-y44n-e4aj-73hc", "summary": "The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5118.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5118.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37736", "scoring_system": "epss", "scoring_elements": "0.97286", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.37736", "scoring_system": "epss", "scoring_elements": "0.97291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.37736", "scoring_system": "epss", "scoring_elements": "0.97292", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.37736", "scoring_system": "epss", "scoring_elements": "0.97293", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.37736", "scoring_system": "epss", "scoring_elements": "0.97294", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2318" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7997", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340814", "reference_id": "1340814", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340814" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825799", "reference_id": "825799", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825799" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825800", "reference_id": "825800", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1237", "reference_id": "RHSA-2016:1237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "reference_url": "https://usn.ubuntu.com/2990-1/", "reference_id": "USN-2990-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2990-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-5118" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y44n-e4aj-73hc" } ], "fixing_vulnerabilities": [], "risk_score": "1.7", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ImageMagick@6.7.8.9-15%3Farch=el7_2" }