Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4505?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "type": "deb", "namespace": "debian", "name": "vlc", "version": "2.0.3-5+deb7u2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.11-0+deb9u1", "latest_non_vulnerable_version": "3.0.11-0+deb9u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4100?format=api", "vulnerability_id": "VCID-2gbt-e8k9-bfe3", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5439", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17012", "scoring_system": "epss", "scoring_elements": "0.95104", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5460" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930276", "reference_id": "930276", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930276" }, { "reference_url": "https://security.archlinux.org/ASA-201906-22", "reference_id": "ASA-201906-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-22" }, { "reference_url": "https://security.archlinux.org/AVG-998", "reference_id": "AVG-998", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-998" }, { "reference_url": "https://security.gentoo.org/glsa/201908-23", "reference_id": "GLSA-201908-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2019-5439" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gbt-e8k9-bfe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6548?format=api", "vulnerability_id": "VCID-2ymu-55hb-aydp", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07052", "scoring_system": "epss", "scoring_elements": "0.91648", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8313" }, { "reference_url": "https://security.archlinux.org/ASA-201706-1", "reference_id": "ASA-201706-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-1" }, { "reference_url": "https://security.archlinux.org/AVG-283", "reference_id": "AVG-283", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-283" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/44514.py", "reference_id": "CVE-2017-8311", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/44514.py" }, { "reference_url": "https://security.gentoo.org/glsa/201707-10", "reference_id": "GLSA-201707-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201707-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4508?format=api", "purl": "pkg:deb/debian/vlc@2.2.7-1~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.2.7-1~deb8u1" } ], "aliases": [ "CVE-2017-8311" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ymu-55hb-aydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6547?format=api", "vulnerability_id": "VCID-39m5-1raf-aqdk", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56837", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8313" }, { "reference_url": "https://security.archlinux.org/ASA-201706-1", "reference_id": "ASA-201706-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-1" }, { "reference_url": "https://security.archlinux.org/AVG-283", "reference_id": "AVG-283", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-283" }, { "reference_url": "https://security.gentoo.org/glsa/201707-10", "reference_id": "GLSA-201707-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201707-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4508?format=api", "purl": "pkg:deb/debian/vlc@2.2.7-1~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.2.7-1~deb8u1" } ], "aliases": [ "CVE-2017-8312" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39m5-1raf-aqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4101?format=api", "vulnerability_id": "VCID-3ae2-1yab-r3ep", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.76", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5460" }, { "reference_url": "https://security.archlinux.org/ASA-201906-22", "reference_id": "ASA-201906-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-22" }, { "reference_url": "https://security.archlinux.org/AVG-998", "reference_id": "AVG-998", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-998" }, { "reference_url": "https://security.gentoo.org/glsa/201908-23", "reference_id": "GLSA-201908-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2019-12874" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ae2-1yab-r3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3996?format=api", "vulnerability_id": "VCID-89yv-t37p-tuaq", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70405", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080" }, { "reference_url": "https://security.archlinux.org/ASA-202004-24", "reference_id": "ASA-202004-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-24" }, { "reference_url": "https://security.archlinux.org/AVG-1136", "reference_id": "AVG-1136", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1136" }, { "reference_url": "https://security.gentoo.org/glsa/202005-10", "reference_id": "GLSA-202005-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2020-6079" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89yv-t37p-tuaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4001?format=api", "vulnerability_id": "VCID-b1we-n5jv-53dv", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64797", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080" }, { "reference_url": "https://security.archlinux.org/ASA-202004-24", "reference_id": "ASA-202004-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-24" }, { "reference_url": "https://security.archlinux.org/AVG-1136", "reference_id": "AVG-1136", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1136" }, { "reference_url": "https://security.gentoo.org/glsa/202005-10", "reference_id": "GLSA-202005-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2020-6071" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1we-n5jv-53dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6245?format=api", "vulnerability_id": "VCID-c5hg-us5r-77cq", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73818", "scoring_system": "epss", "scoring_elements": "0.9884", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529" }, { "reference_url": "https://security.archlinux.org/AVG-755", "reference_id": "AVG-755", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-755" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/45626.rb", "reference_id": "CVE-2018-11529", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/45626.rb" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/fb689da24c9de2ccda6707c6cfe0d053a4844dfd/modules/exploits/windows/fileformat/vlc_mkv.rb", "reference_id": "CVE-2018-11529", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/fb689da24c9de2ccda6707c6cfe0d053a4844dfd/modules/exploits/windows/fileformat/vlc_mkv.rb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2018-11529" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5hg-us5r-77cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3999?format=api", "vulnerability_id": "VCID-cshp-tets-gfbk", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.6831", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080" }, { "reference_url": "https://security.archlinux.org/ASA-202004-24", "reference_id": "ASA-202004-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-24" }, { "reference_url": "https://security.archlinux.org/AVG-1136", "reference_id": "AVG-1136", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1136" }, { "reference_url": "https://security.gentoo.org/glsa/202005-10", "reference_id": "GLSA-202005-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2020-6073" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cshp-tets-gfbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3995?format=api", "vulnerability_id": "VCID-fkdd-mfrw-r7gm", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54548", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080" }, { "reference_url": "https://security.archlinux.org/ASA-202004-24", "reference_id": "ASA-202004-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-24" }, { "reference_url": "https://security.archlinux.org/AVG-1136", "reference_id": "AVG-1136", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1136" }, { "reference_url": "https://security.gentoo.org/glsa/202005-10", "reference_id": "GLSA-202005-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2020-6080" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fkdd-mfrw-r7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4351?format=api", "vulnerability_id": "VCID-j5qs-dpjh-f3cs", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71872", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9300" }, { "reference_url": "https://security.archlinux.org/ASA-201712-4", "reference_id": "ASA-201712-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-4" }, { "reference_url": "https://security.archlinux.org/AVG-533", "reference_id": "AVG-533", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-533" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4508?format=api", "purl": "pkg:deb/debian/vlc@2.2.7-1~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.2.7-1~deb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2017-10699" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5qs-dpjh-f3cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6549?format=api", "vulnerability_id": "VCID-murd-k9xt-6bdk", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39763", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8313" }, { "reference_url": "https://security.archlinux.org/ASA-201706-1", "reference_id": "ASA-201706-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-1" }, { "reference_url": "https://security.archlinux.org/AVG-283", "reference_id": "AVG-283", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-283" }, { "reference_url": "https://security.gentoo.org/glsa/201707-10", "reference_id": "GLSA-201707-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201707-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4508?format=api", "purl": "pkg:deb/debian/vlc@2.2.7-1~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.2.7-1~deb8u1" } ], "aliases": [ "CVE-2017-8310" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-murd-k9xt-6bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4000?format=api", "vulnerability_id": "VCID-qjfd-tzwn-jyfg", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78577", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080" }, { "reference_url": "https://security.archlinux.org/ASA-202004-24", "reference_id": "ASA-202004-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-24" }, { "reference_url": "https://security.archlinux.org/AVG-1136", "reference_id": "AVG-1136", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1136" }, { "reference_url": "https://security.gentoo.org/glsa/202005-10", "reference_id": "GLSA-202005-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2020-6072" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjfd-tzwn-jyfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3997?format=api", "vulnerability_id": "VCID-x78p-6scf-bydj", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.6831", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080" }, { "reference_url": "https://security.archlinux.org/ASA-202004-24", "reference_id": "ASA-202004-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-24" }, { "reference_url": "https://security.archlinux.org/AVG-1136", "reference_id": "AVG-1136", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1136" }, { "reference_url": "https://security.gentoo.org/glsa/202005-10", "reference_id": "GLSA-202005-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2020-6078" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x78p-6scf-bydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3998?format=api", "vulnerability_id": "VCID-xutf-mndc-8yd7", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67867", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080" }, { "reference_url": "https://security.archlinux.org/ASA-202004-24", "reference_id": "ASA-202004-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-24" }, { "reference_url": "https://security.archlinux.org/AVG-1136", "reference_id": "AVG-1136", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1136" }, { "reference_url": "https://security.gentoo.org/glsa/202005-10", "reference_id": "GLSA-202005-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2020-6077" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xutf-mndc-8yd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4350?format=api", "vulnerability_id": "VCID-y83r-eq34-ykbc", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56897", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9300" }, { "reference_url": "https://security.archlinux.org/ASA-201712-4", "reference_id": "ASA-201712-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-4" }, { "reference_url": "https://security.archlinux.org/AVG-533", "reference_id": "AVG-533", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-533" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4508?format=api", "purl": "pkg:deb/debian/vlc@2.2.7-1~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.2.7-1~deb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5016?format=api", "purl": "pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.11-0%252Bdeb9u1" } ], "aliases": [ "CVE-2017-9300" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y83r-eq34-ykbc" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104079?format=api", "vulnerability_id": "VCID-2spt-pwjf-17bu", "summary": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56883", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866", "reference_id": "775866", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2014-9627" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2spt-pwjf-17bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104067?format=api", "vulnerability_id": "VCID-9j2k-pmhh-wkdm", "summary": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84951", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4388" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705136", "reference_id": "705136", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705136" }, { "reference_url": "https://security.gentoo.org/glsa/201411-01", "reference_id": "GLSA-201411-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2013-1954" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9j2k-pmhh-wkdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104071?format=api", "vulnerability_id": "VCID-hgqg-bw56-8qba", "summary": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03905", "scoring_system": "epss", "scoring_elements": "0.88497", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4388" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4388" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726528", "reference_id": "726528", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726528" }, { "reference_url": "https://security.gentoo.org/glsa/201411-01", "reference_id": "GLSA-201411-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2013-4388" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgqg-bw56-8qba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104078?format=api", "vulnerability_id": "VCID-hvup-7985-fyf6", "summary": "Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56883", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866", "reference_id": "775866", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2014-9626" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvup-7985-fyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104080?format=api", "vulnerability_id": "VCID-p7sp-2r4k-ykca", "summary": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01634", "scoring_system": "epss", "scoring_elements": "0.8225", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866", "reference_id": "775866", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2014-9628" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7sp-2r4k-ykca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104082?format=api", "vulnerability_id": "VCID-uf2q-g8wp-8fgd", "summary": "The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60939", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866", "reference_id": "775866", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2014-9630" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uf2q-g8wp-8fgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104081?format=api", "vulnerability_id": "VCID-uy8a-4exj-93et", "summary": "Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01498", "scoring_system": "epss", "scoring_elements": "0.81456", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866", "reference_id": "775866", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775866" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2014-9629" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uy8a-4exj-93et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104066?format=api", "vulnerability_id": "VCID-z2g5-az73-rkb2", "summary": "Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.50657", "scoring_system": "epss", "scoring_elements": "0.97902", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4388" }, { "reference_url": "https://security.gentoo.org/glsa/201411-01", "reference_id": "GLSA-201411-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/23201.txt", "reference_id": "OSVDB-88299;CVE-2013-1868", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/23201.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4505?format=api", "purl": "pkg:deb/debian/vlc@2.0.3-5%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gbt-e8k9-bfe3" }, { "vulnerability": "VCID-2ymu-55hb-aydp" }, { "vulnerability": "VCID-39m5-1raf-aqdk" }, { "vulnerability": "VCID-3ae2-1yab-r3ep" }, { "vulnerability": "VCID-89yv-t37p-tuaq" }, { "vulnerability": "VCID-b1we-n5jv-53dv" }, { "vulnerability": "VCID-c5hg-us5r-77cq" }, { "vulnerability": "VCID-cshp-tets-gfbk" }, { "vulnerability": "VCID-fkdd-mfrw-r7gm" }, { "vulnerability": "VCID-j5qs-dpjh-f3cs" }, { "vulnerability": "VCID-murd-k9xt-6bdk" }, { "vulnerability": "VCID-qjfd-tzwn-jyfg" }, { "vulnerability": "VCID-x78p-6scf-bydj" }, { "vulnerability": "VCID-xutf-mndc-8yd7" }, { "vulnerability": "VCID-y83r-eq34-ykbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" } ], "aliases": [ "CVE-2013-1868" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2g5-az73-rkb2" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@2.0.3-5%252Bdeb7u2" }