Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/280905?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/280905?format=api", "purl": "pkg:deb/debian/hdf5@1.6.5-3", "type": "deb", "namespace": "debian", "name": "hdf5", "version": "1.6.5-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.14.5+repack-3", "latest_non_vulnerable_version": "1.14.5+repack-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72319?format=api", "vulnerability_id": "VCID-2xcu-cxdq-b3hb", "summary": "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32349", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32419", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32388", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3232", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633856", "reference_id": "1633856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633856" }, { "reference_url": "https://usn.ubuntu.com/USN-5272-1/", "reference_id": "USN-USN-5272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195413?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1" } ], "aliases": [ "CVE-2018-17234" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xcu-cxdq-b3hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72284?format=api", "vulnerability_id": "VCID-59vv-6fa4-ckfh", "summary": "In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17509.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17509.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59499", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59524", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59552", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59543", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59549", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524911", "reference_id": "1524911", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524911" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2017-17509" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59vv-6fa4-ckfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72277?format=api", "vulnerability_id": "VCID-88vu-rux2-xfa8", "summary": "The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48536", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48496", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48543", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48524", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397708", "reference_id": "1397708", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397708" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/280910?format=api", "purl": "pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-88vu-rux2-xfa8" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-amvr-fecp-rkdr" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-c1z9-d33b-w3e6" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" }, { "vulnerability": "VCID-ycz8-g88h-7fhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/516764?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1" } ], "aliases": [ "CVE-2016-4333" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88vu-rux2-xfa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72320?format=api", "vulnerability_id": "VCID-ae73-ha67-tqgm", "summary": "A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17237.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33416", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33517", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33464", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33532", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33497", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633860", "reference_id": "1633860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633860" }, { "reference_url": "https://usn.ubuntu.com/USN-5272-1/", "reference_id": "USN-USN-5272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195413?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1" } ], "aliases": [ "CVE-2018-17237" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae73-ha67-tqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72288?format=api", "vulnerability_id": "VCID-afg8-hmzq-xbf2", "summary": "A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11203.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70014", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70055", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70035", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70064", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70046", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579951", "reference_id": "1579951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579951" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2018-11203" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afg8-hmzq-xbf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72276?format=api", "vulnerability_id": "VCID-amvr-fecp-rkdr", "summary": "The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4332.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4332.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28896", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28967", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28931", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28895", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.2886", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397707", "reference_id": "1397707", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397707" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/280910?format=api", "purl": "pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-88vu-rux2-xfa8" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-amvr-fecp-rkdr" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-c1z9-d33b-w3e6" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" }, { "vulnerability": "VCID-ycz8-g88h-7fhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/516764?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1" } ], "aliases": [ "CVE-2016-4332" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amvr-fecp-rkdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72280?format=api", "vulnerability_id": "VCID-bqwb-uc25-6ucm", "summary": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63089", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63112", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63104", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524907", "reference_id": "1524907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524907" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" }, { "reference_url": "https://usn.ubuntu.com/USN-4817-1/", "reference_id": "USN-USN-4817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2017-17506" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqwb-uc25-6ucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72324?format=api", "vulnerability_id": "VCID-bv3t-82cc-qfd8", "summary": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17434.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17434.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52418", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52478", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52438", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52486", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52466", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17434" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634121", "reference_id": "1634121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634121" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195413?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1" } ], "aliases": [ "CVE-2018-17434" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bv3t-82cc-qfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72275?format=api", "vulnerability_id": "VCID-c1z9-d33b-w3e6", "summary": "When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4331.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4331.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63984", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64026", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64034", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64024", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64012", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397704", "reference_id": "1397704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397704" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/280910?format=api", "purl": "pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-88vu-rux2-xfa8" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-amvr-fecp-rkdr" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-c1z9-d33b-w3e6" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" }, { "vulnerability": "VCID-ycz8-g88h-7fhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/516764?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1" } ], "aliases": [ "CVE-2016-4331" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1z9-d33b-w3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72290?format=api", "vulnerability_id": "VCID-chka-ff1j-gqe3", "summary": "A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58454", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.585", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58487", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58509", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58502", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579955", "reference_id": "1579955", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2018-11204" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chka-ff1j-gqe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72332?format=api", "vulnerability_id": "VCID-cy3q-7n3v-xbgr", "summary": "Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17437.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33676", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33777", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33724", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33792", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33758", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634132", "reference_id": "1634132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634132" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195413?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1" } ], "aliases": [ "CVE-2018-17437" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy3q-7n3v-xbgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72318?format=api", "vulnerability_id": "VCID-dypw-pp9q-bycr", "summary": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50977", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50932", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50982", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50962", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633853", "reference_id": "1633853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633853" }, { "reference_url": "https://usn.ubuntu.com/USN-5272-1/", "reference_id": "USN-USN-5272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195413?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1" } ], "aliases": [ "CVE-2018-17233" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dypw-pp9q-bycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72300?format=api", "vulnerability_id": "VCID-e3j2-wght-wbaq", "summary": "A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11207.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75513", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75541", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75522", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75545", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75536", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579961", "reference_id": "1579961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579961" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2018-11207" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3j2-wght-wbaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72334?format=api", "vulnerability_id": "VCID-e4qy-jb8b-dkgg", "summary": "A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58346", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58393", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58401", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58378", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634139", "reference_id": "1634139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195413?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1" } ], "aliases": [ "CVE-2018-17438" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4qy-jb8b-dkgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72285?format=api", "vulnerability_id": "VCID-hnkh-k2sk-gqaq", "summary": "A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80231", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80247", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80258", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80254", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579946", "reference_id": "1579946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579946" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2018-11202" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnkh-k2sk-gqaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72279?format=api", "vulnerability_id": "VCID-mkse-aj8h-2fd4", "summary": "In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63204", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63227", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63217", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.6322", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524906", "reference_id": "1524906", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524906" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" }, { "reference_url": "https://usn.ubuntu.com/USN-4817-1/", "reference_id": "USN-USN-4817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2017-17505" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkse-aj8h-2fd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72283?format=api", "vulnerability_id": "VCID-uzzm-mpfp-s7gv", "summary": "In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17508.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63089", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63112", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63104", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17508" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524910", "reference_id": "1524910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524910" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" }, { "reference_url": "https://usn.ubuntu.com/USN-4817-1/", "reference_id": "USN-USN-4817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516765?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10" } ], "aliases": [ "CVE-2017-17508" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzzm-mpfp-s7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72273?format=api", "vulnerability_id": "VCID-ycz8-g88h-7fhs", "summary": "In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63565", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63608", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63615", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63606", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63595", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397701", "reference_id": "1397701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397701" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/280910?format=api", "purl": "pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-88vu-rux2-xfa8" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-amvr-fecp-rkdr" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-c1z9-d33b-w3e6" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" }, { "vulnerability": "VCID-ycz8-g88h-7fhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/516764?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xcu-cxdq-b3hb" }, { "vulnerability": "VCID-59vv-6fa4-ckfh" }, { "vulnerability": "VCID-ae73-ha67-tqgm" }, { "vulnerability": "VCID-afg8-hmzq-xbf2" }, { "vulnerability": "VCID-bqwb-uc25-6ucm" }, { "vulnerability": "VCID-bv3t-82cc-qfd8" }, { "vulnerability": "VCID-chka-ff1j-gqe3" }, { "vulnerability": "VCID-cy3q-7n3v-xbgr" }, { "vulnerability": "VCID-dypw-pp9q-bycr" }, { "vulnerability": "VCID-e3j2-wght-wbaq" }, { "vulnerability": "VCID-e4qy-jb8b-dkgg" }, { "vulnerability": "VCID-hnkh-k2sk-gqaq" }, { "vulnerability": "VCID-mkse-aj8h-2fd4" }, { "vulnerability": "VCID-uzzm-mpfp-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1" } ], "aliases": [ "CVE-2016-4330" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycz8-g88h-7fhs" } ], "fixing_vulnerabilities": [], "risk_score": "3.9", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.6.5-3" }