Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/file@3.24-4

Type deb

Namespace debian

Name file

Version 3.24-4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1:5.39-3+deb11u1

Latest_non_vulnerable_version 1:5.39-3+deb11u1

Affected_by_vulnerabilities

url VCID-1s3x-b1vy-qyef

vulnerability_id VCID-1s3x-b1vy-qyef

summary file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3538.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3538

reference_id

reference_type

scores

value	0.33041
scoring_system	epss
scoring_elements	0.96988
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1098222
reference_id	1098222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1098222

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-3538

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1s3x-b1vy-qyef

url VCID-2873-ph57-vqhd

vulnerability_id VCID-2873-ph57-vqhd

summary Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3478.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3478.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3478

reference_id

reference_type

scores

value	0.37602
scoring_system	epss
scoring_elements	0.97279
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1104863
reference_id	1104863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1104863

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-3478

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2873-ph57-vqhd

url VCID-2j7b-43x6-6fh8

vulnerability_id VCID-2j7b-43x6-6fh8

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8907.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8907.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8907

reference_id

reference_type

scores

value	0.0053
scoring_system	epss
scoring_elements	0.6759
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1679138
reference_id	1679138
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1679138

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968
reference_id	922968
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968

reference_url	https://security.archlinux.org/ASA-201903-5
reference_id	ASA-201903-5
reference_type
scores
url	https://security.archlinux.org/ASA-201903-5

reference_url

https://security.archlinux.org/AVG-907

reference_id

AVG-907

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-907

fixed_packages

url pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

purl pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-68bn-52v7-pucm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2

aliases CVE-2019-8907

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2j7b-43x6-6fh8

url VCID-2wcw-hej1-1qaq

vulnerability_id VCID-2wcw-hej1-1qaq

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8904.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8904.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8904

reference_id

reference_type

scores

value	0.01089
scoring_system	epss
scoring_elements	0.78265
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8904

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1679188
reference_id	1679188
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1679188

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922967
reference_id	922967
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922967

reference_url	https://security.archlinux.org/ASA-201903-5
reference_id	ASA-201903-5
reference_type
scores
url	https://security.archlinux.org/ASA-201903-5

reference_url

https://security.archlinux.org/AVG-907

reference_id

AVG-907

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-907

fixed_packages

url pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

purl pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-68bn-52v7-pucm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2

aliases CVE-2019-8904

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2wcw-hej1-1qaq

url VCID-5f4s-ce83-pkcw

vulnerability_id VCID-5f4s-ce83-pkcw

summary The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3710.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3710.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3710

reference_id

reference_type

scores

value	0.08075
scoring_system	epss
scoring_elements	0.92289
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1155071
reference_id	1155071
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1155071

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768806
reference_id	768806
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768806

reference_url	https://security.gentoo.org/glsa/201503-03
reference_id	GLSA-201503-03
reference_type
scores
url	https://security.gentoo.org/glsa/201503-03

reference_url	https://security.gentoo.org/glsa/201701-42
reference_id	GLSA-201701-42
reference_type
scores
url	https://security.gentoo.org/glsa/201701-42

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2014:1767
reference_id	RHSA-2014:1767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1767

reference_url	https://access.redhat.com/errata/RHSA-2014:1768
reference_id	RHSA-2014:1768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1768

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-3710

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5f4s-ce83-pkcw

url VCID-68bn-52v7-pucm

vulnerability_id VCID-68bn-52v7-pucm

summary arbitrary code execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18218

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.3851
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18218

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1765272
reference_id	1765272
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1765272

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830
reference_id	942830
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830

reference_url	https://security.archlinux.org/ASA-202001-2
reference_id	ASA-202001-2
reference_type
scores
url	https://security.archlinux.org/ASA-202001-2

reference_url

https://security.archlinux.org/AVG-1083

reference_id

AVG-1083

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1083

reference_url	https://security.gentoo.org/glsa/202003-24
reference_id	GLSA-202003-24
reference_type
scores
url	https://security.gentoo.org/glsa/202003-24

reference_url	https://access.redhat.com/errata/RHSA-2021:4374
reference_id	RHSA-2021:4374
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4374

fixed_packages

url pkg:deb/debian/file@1:5.30-1%2Bdeb9u3

purl pkg:deb/debian/file@1:5.30-1%2Bdeb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.30-1%252Bdeb9u3

url pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

purl pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-68bn-52v7-pucm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2

url	pkg:deb/debian/file@1:5.39-3%2Bdeb11u1
purl	pkg:deb/debian/file@1:5.39-3%2Bdeb11u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1

aliases CVE-2019-18218

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68bn-52v7-pucm

url VCID-84y5-7hge-vbhn

vulnerability_id VCID-84y5-7hge-vbhn

summary The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3480

reference_id

reference_type

scores

value	0.03336
scoring_system	epss
scoring_elements	0.87519
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1104858
reference_id	1104858
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1104858

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-3480

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84y5-7hge-vbhn

url VCID-85yn-4pxf-akht

vulnerability_id VCID-85yn-4pxf-akht

summary readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9653.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9653.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9653

reference_id

reference_type

scores

value	0.06827
scoring_system	epss
scoring_elements	0.91499
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1190116
reference_id	1190116
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1190116

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777585
reference_id	777585
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777585

reference_url	https://security.gentoo.org/glsa/201701-42
reference_id	GLSA-201701-42
reference_type
scores
url	https://security.gentoo.org/glsa/201701-42

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-9653

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85yn-4pxf-akht

url VCID-avrk-szvf-13av

vulnerability_id VCID-avrk-szvf-13av

summary The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3479

reference_id

reference_type

scores

value	0.05923
scoring_system	epss
scoring_elements	0.90782
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1104869
reference_id	1104869
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1104869

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-3479

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avrk-szvf-13av

url VCID-cfsm-er88-1uc2

vulnerability_id VCID-cfsm-er88-1uc2

summary The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9620.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9620.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9620

reference_id

reference_type

scores

value	0.072
scoring_system	epss
scoring_elements	0.91743
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9620

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1180639
reference_id	1180639
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1180639

reference_url	https://security.gentoo.org/glsa/201503-08
reference_id	GLSA-201503-08
reference_type
scores
url	https://security.gentoo.org/glsa/201503-08

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-9620

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfsm-er88-1uc2

url VCID-cuyy-h7c4-bkdj

vulnerability_id VCID-cuyy-h7c4-bkdj

summary Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1943.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1943.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-1943

reference_id

reference_type

scores

value	0.24895
scoring_system	epss
scoring_elements	0.96262
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-1943

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1065836
reference_id	1065836
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1065836

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738832
reference_id	738832
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738832

reference_url	https://security.gentoo.org/glsa/201403-03
reference_id	GLSA-201403-03
reference_type
scores
url	https://security.gentoo.org/glsa/201403-03

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-1943

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuyy-h7c4-bkdj

url VCID-fmz4-96xm-ebd6

vulnerability_id VCID-fmz4-96xm-ebd6

summary softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8117.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8117.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8117

reference_id

reference_type

scores

value	0.16453
scoring_system	epss
scoring_elements	0.95007
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1174606
reference_id	1174606
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1174606

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148
reference_id	773148
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148

reference_url	https://security.gentoo.org/glsa/201412-48
reference_id	GLSA-201412-48
reference_type
scores
url	https://security.gentoo.org/glsa/201412-48

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-8117

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmz4-96xm-ebd6

url VCID-gc82-p6sr-c7ew

vulnerability_id VCID-gc82-p6sr-c7ew

summary The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9652.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9652.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9652

reference_id

reference_type

scores

value	0.06907
scoring_system	epss
scoring_elements	0.91551
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1188599
reference_id	1188599
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1188599

reference_url	https://security.gentoo.org/glsa/201701-42
reference_id	GLSA-201701-42
reference_type
scores
url	https://security.gentoo.org/glsa/201701-42

reference_url	https://access.redhat.com/errata/RHSA-2015:1053
reference_id	RHSA-2015:1053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1053

reference_url	https://access.redhat.com/errata/RHSA-2015:1066
reference_id	RHSA-2015:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1066

reference_url	https://access.redhat.com/errata/RHSA-2015:1135
reference_id	RHSA-2015:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1135

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-9652

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gc82-p6sr-c7ew

url VCID-k6m7-rzf9-a3hy

vulnerability_id VCID-k6m7-rzf9-a3hy

summary The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3487

reference_id

reference_type

scores

value	0.14502
scoring_system	epss
scoring_elements	0.94576
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1107544
reference_id	1107544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1107544

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-3487

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6m7-rzf9-a3hy

url VCID-kuga-71fb-c7gu

vulnerability_id VCID-kuga-71fb-c7gu

summary softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2270.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2270.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2270

reference_id

reference_type

scores

value	0.30772
scoring_system	epss
scoring_elements	0.9682
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1072220
reference_id	1072220
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1072220

reference_url	https://security.gentoo.org/glsa/201503-08
reference_id	GLSA-201503-08
reference_type
scores
url	https://security.gentoo.org/glsa/201503-08

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-2270

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kuga-71fb-c7gu

url VCID-mwnw-synf-fbc1

vulnerability_id VCID-mwnw-synf-fbc1

summary The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0237

reference_id

reference_type

scores

value	0.2611
scoring_system	epss
scoring_elements	0.96387
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1098193
reference_id	1098193
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1098193

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-0237

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwnw-synf-fbc1

url VCID-n8fm-snfw-w3br

vulnerability_id VCID-n8fm-snfw-w3br

summary The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8116.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8116

reference_id

reference_type

scores

value	0.15876
scoring_system	epss
scoring_elements	0.94872
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1171580
reference_id	1171580
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1171580

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148
reference_id	773148
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-8116

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8fm-snfw-w3br

url VCID-qdn9-f94n-83dz

vulnerability_id VCID-qdn9-f94n-83dz

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8906.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8906.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8906

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26774
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8906

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1679175
reference_id	1679175
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1679175

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922969
reference_id	922969
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922969

reference_url	https://security.archlinux.org/ASA-201903-5
reference_id	ASA-201903-5
reference_type
scores
url	https://security.archlinux.org/ASA-201903-5

reference_url

https://security.archlinux.org/AVG-907

reference_id

AVG-907

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-907

fixed_packages

url pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

purl pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-68bn-52v7-pucm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2

aliases CVE-2019-8906

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdn9-f94n-83dz

url VCID-qqgd-zrvc-2uaf

vulnerability_id VCID-qqgd-zrvc-2uaf

summary Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3587.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3587.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3587

reference_id

reference_type

scores

value	0.30214
scoring_system	epss
scoring_elements	0.96769
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1128587
reference_id	1128587
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1128587

reference_url	https://access.redhat.com/errata/RHSA-2014:1326
reference_id	RHSA-2014:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1326

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-3587

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqgd-zrvc-2uaf

url VCID-scd1-g67x-3ybp

vulnerability_id VCID-scd1-g67x-3ybp

summary The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7345

reference_id

reference_type

scores

value	0.01128
scoring_system	epss
scoring_elements	0.7864
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1079846
reference_id	1079846
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1079846

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993
reference_id	703993
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993

reference_url	https://security.gentoo.org/glsa/201408-08
reference_id	GLSA-201408-08
reference_type
scores
url	https://security.gentoo.org/glsa/201408-08

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2013-7345

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scd1-g67x-3ybp

url VCID-tuqp-1bxj-y7bz

vulnerability_id VCID-tuqp-1bxj-y7bz

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8905.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8905.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8905

reference_id

reference_type

scores

value	0.00113
scoring_system	epss
scoring_elements	0.2952
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8905

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1679181
reference_id	1679181
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1679181

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968
reference_id	922968
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968

reference_url	https://security.archlinux.org/ASA-201903-5
reference_id	ASA-201903-5
reference_type
scores
url	https://security.archlinux.org/ASA-201903-5

reference_url

https://security.archlinux.org/AVG-907

reference_id

AVG-907

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-907

fixed_packages

url pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

purl pkg:deb/debian/file@1:5.35-4%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-68bn-52v7-pucm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2

aliases CVE-2019-8905

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqp-1bxj-y7bz

url VCID-xvxf-js9u-yyff

vulnerability_id VCID-xvxf-js9u-yyff

summary The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0238

reference_id

reference_type

scores

value	0.24474
scoring_system	epss
scoring_elements	0.96216
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1098155
reference_id	1098155
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1098155

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-0238

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvxf-js9u-yyff

url VCID-zqdy-kvwk-3ubd

vulnerability_id VCID-zqdy-kvwk-3ubd

summary The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0207

reference_id

reference_type

scores

value	0.09377
scoring_system	epss
scoring_elements	0.92932
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1091842
reference_id	1091842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1091842

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

url pkg:deb/debian/file@5.11-2%2Bdeb7u8

purl pkg:deb/debian/file@5.11-2%2Bdeb7u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7b-43x6-6fh8

vulnerability	VCID-2wcw-hej1-1qaq

vulnerability	VCID-68bn-52v7-pucm

vulnerability	VCID-qdn9-f94n-83dz

vulnerability	VCID-tuqp-1bxj-y7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8

aliases CVE-2014-0207

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqdy-kvwk-3ubd

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@3.24-4

Package Instance