Lookup for vulnerable packages by Package URL.
| Purl | pkg:apk/alpine/ffmpeg@3.1.8-r0?arch=aarch64&distroversion=v3.5&reponame=main |
|---|
| Type | apk |
|---|
| Namespace | alpine |
|---|
| Name | ffmpeg |
|---|
| Version | 3.1.8-r0 |
|---|
| Qualifiers |
| arch |
aarch64 |
| distroversion |
v3.5 |
| reponame |
main |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 3.1.9-r0 |
|---|
| Latest_non_vulnerable_version | 3.1.11-r1 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-f3jf-6qya-nuht |
| vulnerability_id |
VCID-f3jf-6qya-nuht |
| summary |
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9996 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59898 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59976 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60001 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59972 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60022 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60035 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60056 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60041 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60024 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60063 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.6007 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60055 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9996 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9996
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f3jf-6qya-nuht |
|
| 1 |
| url |
VCID-n417-8xsr-nuhx |
| vulnerability_id |
VCID-n417-8xsr-nuhx |
| summary |
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9991 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63779 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.6384 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63866 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63824 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63875 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63892 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63906 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63891 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63858 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63893 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63903 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00455 |
| scoring_system |
epss |
| scoring_elements |
0.63894 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9991 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9991
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n417-8xsr-nuhx |
|
| 2 |
| url |
VCID-pyw4-6cjy-6ken |
| vulnerability_id |
VCID-pyw4-6cjy-6ken |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9992 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00699 |
| scoring_system |
epss |
| scoring_elements |
0.71919 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00699 |
| scoring_system |
epss |
| scoring_elements |
0.71927 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00699 |
| scoring_system |
epss |
| scoring_elements |
0.71946 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00699 |
| scoring_system |
epss |
| scoring_elements |
0.71923 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00699 |
| scoring_system |
epss |
| scoring_elements |
0.71962 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00699 |
| scoring_system |
epss |
| scoring_elements |
0.71974 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00736 |
| scoring_system |
epss |
| scoring_elements |
0.72842 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00736 |
| scoring_system |
epss |
| scoring_elements |
0.72825 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00736 |
| scoring_system |
epss |
| scoring_elements |
0.72816 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00736 |
| scoring_system |
epss |
| scoring_elements |
0.72858 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00736 |
| scoring_system |
epss |
| scoring_elements |
0.72868 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00736 |
| scoring_system |
epss |
| scoring_elements |
0.72861 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9992 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9992
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pyw4-6cjy-6ken |
|
| 3 |
| url |
VCID-u9w6-aeku-akav |
| vulnerability_id |
VCID-u9w6-aeku-akav |
| summary |
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9994 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.61957 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62028 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62059 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62029 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62079 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62096 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62116 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62105 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62084 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62128 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62134 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62118 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9994 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9994
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u9w6-aeku-akav |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.1.8-r0%3Farch=aarch64&distroversion=v3.5&reponame=main |
|---|