Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/6448?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6448?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.8.20-7", "type": "deb", "namespace": "debian", "name": "gtk+2.0", "version": "2.8.20-7", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69856?format=api", "vulnerability_id": "VCID-3yaa-xt8h-cycb", "summary": "io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7673.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7673.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.85255", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.85279", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261836", "reference_id": "1261836", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261836" }, { "reference_url": "https://security.gentoo.org/glsa/201512-05", "reference_id": "GLSA-201512-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-05" }, { "reference_url": "https://usn.ubuntu.com/2767-1/", "reference_id": "USN-2767-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2767-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6452?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.24.10-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u2vf-5ns6-gfdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.24.10-2" } ], "aliases": [ "CVE-2015-7673" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yaa-xt8h-cycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71991?format=api", "vulnerability_id": "VCID-kd8u-szc8-6kc9", "summary": "gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0732.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0732.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12748", "published_at": "2026-06-04T12:55:00Z" }, { "value": 
"0.00041", "scoring_system": "epss", "scoring_elements": "0.12831", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0732" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=565527", "reference_id": "565527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565527" }, { "reference_url": "https://security.gentoo.org/glsa/201412-08", "reference_id": "GLSA-201412-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6450?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.20.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yaa-xt8h-cycb" }, { "vulnerability": "VCID-qtnf-u4kt-ybav" }, { "vulnerability": "VCID-u2vf-5ns6-gfdn" }, { "vulnerability": "VCID-y52c-a5zt-r7hu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.20.1-2" } ], "aliases": [ "CVE-2010-0732" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kd8u-szc8-6kc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2949?format=api", "vulnerability_id": "VCID-qtnf-u4kt-ybav", "summary": "Security researcher Gustavo Grieco reported a heap overflow\nin gdk-pixbuf affecting Linux systems using Gnome. This issue is\ntriggered by the scaling of a malformed bitmap format image and results in a\npotentially exploitable crash.\nThis issue only affects Linux systems running Gnome. 
Windows and\nOS X operating systems are unaffected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03692", "scoring_system": "epss", "scoring_elements": "0.88149", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03692", "scoring_system": "epss", "scoring_elements": "0.8817", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4491" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290", "reference_id": "1252290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491", "reference_id": "CVE-2015-4491", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491" }, { "reference_url": "https://security.gentoo.org/glsa/201512-05", "reference_id": "GLSA-201512-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-05" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-88", "reference_id": "mfsa2015-88", 
"reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-88" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1586", "reference_id": "RHSA-2015:1586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1682", "reference_id": "RHSA-2015:1682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1694", "reference_id": "RHSA-2015:1694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1694" }, { "reference_url": "https://usn.ubuntu.com/2702-1/", "reference_id": "USN-2702-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2702-1/" }, { "reference_url": "https://usn.ubuntu.com/2712-1/", "reference_id": "USN-2712-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2712-1/" }, { "reference_url": "https://usn.ubuntu.com/2722-1/", "reference_id": "USN-2722-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2722-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6452?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.24.10-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u2vf-5ns6-gfdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.24.10-2" } ], "aliases": [ "CVE-2015-4491" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtnf-u4kt-ybav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71994?format=api", "vulnerability_id": "VCID-u2vf-5ns6-gfdn", "summary": "Integer overflow in the 
gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7447.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04428", "scoring_system": "epss", "scoring_elements": "0.89222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04428", "scoring_system": "epss", "scoring_elements": "0.89239", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306681", "reference_id": "1306681", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306681" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275", "reference_id": "799275", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818090", "reference_id": "818090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818090" }, { "reference_url": "https://usn.ubuntu.com/2898-1/", "reference_id": "USN-2898-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2898-1/" }, { "reference_url": "https://usn.ubuntu.com/2898-2/", "reference_id": "USN-2898-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2898-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518749?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.24.31-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.24.31-2" } ], "aliases": [ "CVE-2013-7447" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2vf-5ns6-gfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69858?format=api", "vulnerability_id": "VCID-y52c-a5zt-r7hu", "summary": "Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7674.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.77097", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", 
"scoring_elements": "0.77128", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268249", "reference_id": "1268249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268249" }, { "reference_url": "https://security.gentoo.org/glsa/201512-05", "reference_id": "GLSA-201512-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-05" }, { "reference_url": "https://usn.ubuntu.com/2767-1/", "reference_id": "USN-2767-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2767-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6452?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.24.10-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u2vf-5ns6-gfdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.24.10-2" } ], "aliases": [ "CVE-2015-7674" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y52c-a5zt-r7hu" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69842?format=api", "vulnerability_id": "VCID-3g3h-e1td-mkad", "summary": "io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large 
number of colors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2975.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1189", "scoring_system": "epss", "scoring_elements": "0.93874", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1189", "scoring_system": "epss", "scoring_elements": "0.93884", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617771", "reference_id": "1617771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617771" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431", "reference_id": "339431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431" }, { "reference_url": "https://security.gentoo.org/glsa/200511-14", "reference_id": "GLSA-200511-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200511-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:810", "reference_id": "RHSA-2005:810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:811", "reference_id": "RHSA-2005:811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:811" }, { "reference_url": "https://usn.ubuntu.com/216-1/", "reference_id": "USN-216-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/216-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6448?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.8.20-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yaa-xt8h-cycb" }, { "vulnerability": "VCID-kd8u-szc8-6kc9" }, { "vulnerability": "VCID-qtnf-u4kt-ybav" }, { "vulnerability": "VCID-u2vf-5ns6-gfdn" }, { "vulnerability": "VCID-y52c-a5zt-r7hu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.8.20-7" } ], "aliases": [ "CVE-2005-2975" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g3h-e1td-mkad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71989?format=api", "vulnerability_id": "VCID-4bhz-zvee-53dg", "summary": "The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0010.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0010.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.76477", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.76505", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618260", "reference_id": "1618260", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618260" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29520.txt", "reference_id": "CVE-2007-0010;OSVDB-31621", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29520.txt" }, { "reference_url": "https://www.securityfocus.com/bid/22209/info", "reference_id": "CVE-2007-0010;OSVDB-31621", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/22209/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0019", "reference_id": "RHSA-2007:0019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0019" }, { "reference_url": "https://usn.ubuntu.com/415-1/", "reference_id": "USN-415-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/415-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6448?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.8.20-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yaa-xt8h-cycb" }, { "vulnerability": "VCID-kd8u-szc8-6kc9" }, { "vulnerability": "VCID-qtnf-u4kt-ybav" }, { "vulnerability": "VCID-u2vf-5ns6-gfdn" }, { "vulnerability": "VCID-y52c-a5zt-r7hu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.8.20-7" } ], "aliases": [ "CVE-2007-0010" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bhz-zvee-53dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69843?format=api", "vulnerability_id": "VCID-pkjt-anyv-hkfc", "summary": "Integer 
overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2976.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82733", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82758", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617772", "reference_id": "1617772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617772" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431", "reference_id": "339431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431" }, { "reference_url": "https://security.gentoo.org/glsa/200511-14", "reference_id": "GLSA-200511-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200511-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:810", "reference_id": "RHSA-2005:810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:810" }, { "reference_url": 
"https://usn.ubuntu.com/216-1/", "reference_id": "USN-216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/216-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6448?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.8.20-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yaa-xt8h-cycb" }, { "vulnerability": "VCID-kd8u-szc8-6kc9" }, { "vulnerability": "VCID-qtnf-u4kt-ybav" }, { "vulnerability": "VCID-u2vf-5ns6-gfdn" }, { "vulnerability": "VCID-y52c-a5zt-r7hu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.8.20-7" } ], "aliases": [ "CVE-2005-2976" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkjt-anyv-hkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69844?format=api", "vulnerability_id": "VCID-uq15-6b83-vya1", "summary": "Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3186.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3186.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02224", "scoring_system": "epss", "scoring_elements": "0.84817", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02224", "scoring_system": "epss", "scoring_elements": "0.8484", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3186" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617795", "reference_id": "1617795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617795" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431", "reference_id": "339431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431" }, { "reference_url": "https://security.gentoo.org/glsa/200511-14", "reference_id": "GLSA-200511-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200511-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:810", "reference_id": "RHSA-2005:810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:811", "reference_id": "RHSA-2005:811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:811" }, { "reference_url": "https://usn.ubuntu.com/216-1/", "reference_id": "USN-216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/216-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6448?format=api", "purl": "pkg:deb/debian/gtk%2B2.0@2.8.20-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yaa-xt8h-cycb" }, { "vulnerability": "VCID-kd8u-szc8-6kc9" }, { "vulnerability": "VCID-qtnf-u4kt-ybav" }, { "vulnerability": "VCID-u2vf-5ns6-gfdn" }, { "vulnerability": "VCID-y52c-a5zt-r7hu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.8.20-7" } ], "aliases": [ "CVE-2005-3186" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-uq15-6b83-vya1" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gtk%252B2.0@2.8.20-7" }