Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/93426?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "elfutils", "version": "0.195-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66525?format=api", "vulnerability_id": "VCID-2sga-pmv8-3uak", "summary": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7665.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28161", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28232", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677538", "reference_id": "1677538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677538" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921880", "reference_id": "921880", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921880" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93433?format=api", "purl": "pkg:deb/debian/elfutils@0.176-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7665" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sga-pmv8-3uak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66507?format=api", "vulnerability_id": "VCID-4ryu-xekg-zbhc", "summary": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7608.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47262", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441624", "reference_id": "1441624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441624" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859995", "reference_id": "859995", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859995" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93430?format=api", "purl": "pkg:deb/debian/elfutils@0.168-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7608" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ryu-xekg-zbhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66512?format=api", "vulnerability_id": "VCID-566a-nu92-8qcb", "summary": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00587", "scoring_system": "epss", "scoring_elements": "0.69483", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00587", "scoring_system": "epss", "scoring_elements": "0.69522", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441629", "reference_id": "1441629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441629" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859990", "reference_id": "859990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859990" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93430?format=api", "purl": "pkg:deb/debian/elfutils@0.168-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7613" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-566a-nu92-8qcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66511?format=api", "vulnerability_id": "VCID-6sff-77v5-r3ax", "summary": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7612.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7612.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7612", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66947", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66987", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7612" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441628", "reference_id": "1441628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441628" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859991", "reference_id": "859991", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859991" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93430?format=api", "purl": "pkg:deb/debian/elfutils@0.168-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7612" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6sff-77v5-r3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66517?format=api", "vulnerability_id": "VCID-7az6-1gng-6qe7", "summary": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18520.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75887", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75913", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646477", "reference_id": "1646477", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646477" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911414", "reference_id": "911414", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911414" }, { "reference_url": "https://security.archlinux.org/ASA-201901-3", "reference_id": "ASA-201901-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-3" }, { "reference_url": "https://security.archlinux.org/AVG-785", "reference_id": "AVG-785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93431?format=api", "purl": "pkg:deb/debian/elfutils@0.175-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18520" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7az6-1gng-6qe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66515?format=api", "vulnerability_id": "VCID-7xee-m8gf-6qh3", "summary": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28281", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28353", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625055", "reference_id": "1625055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93431?format=api", "purl": "pkg:deb/debian/elfutils@0.175-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-16403" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xee-m8gf-6qh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66521?format=api", "vulnerability_id": "VCID-9d69-d773-fqeu", "summary": "An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a \"warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7148.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73587", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73623", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671439", "reference_id": "1671439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671439" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93433?format=api", "purl": "pkg:deb/debian/elfutils@0.176-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7148" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d69-d773-fqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66520?format=api", "vulnerability_id": "VCID-9nvr-hhnf-u7ex", "summary": "In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7146.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41841", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41917", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671432", "reference_id": "1671432", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671432" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920911", "reference_id": "920911", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93433?format=api", "purl": "pkg:deb/debian/elfutils@0.176-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7146" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nvr-hhnf-u7ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66523?format=api", "vulnerability_id": "VCID-c3rt-jxyg-m3eu", "summary": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32466", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32538", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671446", "reference_id": "1671446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909", "reference_id": "920909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93433?format=api", "purl": "pkg:deb/debian/elfutils@0.176-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7150" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3rt-jxyg-m3eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66526?format=api", "vulnerability_id": "VCID-dkrw-dhc4-4fcm", "summary": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-21047", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00398", "published_at": "2026-06-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00399", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-21047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21047" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:40:52Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html" }, { "reference_url": "https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8", "reference_id": "?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:40:52Z/" } ], "url": "https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25068", "reference_id": "show_bug.cgi?id=25068", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:40:52Z/" } ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25068" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93434?format=api", "purl": "pkg:deb/debian/elfutils@0.180-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.180-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-21047" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkrw-dhc4-4fcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66513?format=api", "vulnerability_id": "VCID-e5pj-9aex-qba3", "summary": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16062.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25566", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25668", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623752", "reference_id": "1623752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623752" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907562", "reference_id": "907562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907562" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93431?format=api", "purl": "pkg:deb/debian/elfutils@0.175-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-16062" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pj-9aex-qba3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66508?format=api", "vulnerability_id": "VCID-fctx-gqty-qqbp", "summary": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7609.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7609.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7609", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44673", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44742", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7609" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441625", "reference_id": "1441625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441625" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859994", "reference_id": "859994", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859994" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93430?format=api", "purl": "pkg:deb/debian/elfutils@0.168-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7609" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fctx-gqty-qqbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66522?format=api", "vulnerability_id": "VCID-gv76-sbbx-ukd8", "summary": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7149.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7149.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56378", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56434", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671443", "reference_id": "1671443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920910", "reference_id": "920910", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920910" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93433?format=api", "purl": "pkg:deb/debian/elfutils@0.176-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7149" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv76-sbbx-ukd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66504?format=api", "vulnerability_id": "VCID-m4hb-fnwr-eber", "summary": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10254.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10254.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69955", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00603", "scoring_system": "epss", "scoring_elements": "0.69996", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10254" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435183", "reference_id": "1435183", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435183" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93429?format=api", "purl": "pkg:deb/debian/elfutils@0.168-0.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-0.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10254" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4hb-fnwr-eber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66527?format=api", "vulnerability_id": "VCID-mxhh-rnud-7bdx", "summary": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33294.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33294.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05856", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05877", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33294" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html", "reference_id": "003607.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T17:05:21Z/" } ], "url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223918", "reference_id": "2223918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223918" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501", "reference_id": "show_bug.cgi?id=27501", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T17:05:21Z/" } ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93435?format=api", "purl": "pkg:deb/debian/elfutils@0.185-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.185-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-33294" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhh-rnud-7bdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66524?format=api", "vulnerability_id": "VCID-p4ma-d1c5-4bg1", "summary": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7664.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38036", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677536", "reference_id": "1677536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677536" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921881", "reference_id": "921881", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921881" }, { "reference_url": "https://security.archlinux.org/ASA-201903-9", "reference_id": "ASA-201903-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-9" }, { "reference_url": "https://security.archlinux.org/AVG-863", "reference_id": "AVG-863", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3575", "reference_id": "RHSA-2019:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3575" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93433?format=api", "purl": "pkg:deb/debian/elfutils@0.176-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7664" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4ma-d1c5-4bg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66518?format=api", "vulnerability_id": "VCID-pt99-fknz-8yb1", "summary": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18521.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18521.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18521", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28053", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28123", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646482", "reference_id": "1646482", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646482" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911413", "reference_id": "911413", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911413" }, { "reference_url": "https://security.archlinux.org/ASA-201901-3", "reference_id": "ASA-201901-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-3" }, { "reference_url": "https://security.archlinux.org/AVG-785", "reference_id": "AVG-785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93431?format=api", "purl": "pkg:deb/debian/elfutils@0.175-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18521" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pt99-fknz-8yb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66506?format=api", "vulnerability_id": "VCID-qh5f-ujjq-a3fq", "summary": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7607.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7607.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56593", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56645", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441613", "reference_id": "1441613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441613" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859996", "reference_id": "859996", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859996" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93430?format=api", "purl": "pkg:deb/debian/elfutils@0.168-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7607" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh5f-ujjq-a3fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66505?format=api", "vulnerability_id": "VCID-rzdw-w882-ekd9", "summary": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10255.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66934", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66974", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435182", "reference_id": "1435182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435182" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93429?format=api", "purl": "pkg:deb/debian/elfutils@0.168-0.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-0.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10255" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzdw-w882-ekd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66510?format=api", "vulnerability_id": "VCID-s6q1-s2s7-g3g9", "summary": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53504", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7611" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441627", "reference_id": "1441627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441627" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859992", "reference_id": "859992", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859992" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93430?format=api", "purl": "pkg:deb/debian/elfutils@0.168-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7611" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6q1-s2s7-g3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66514?format=api", "vulnerability_id": "VCID-tzq2-cgg5-yya1", "summary": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83834", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83857", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625050", "reference_id": "1625050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1471", "reference_id": "RHSA-2020:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1471" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93431?format=api", "purl": "pkg:deb/debian/elfutils@0.175-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-16402" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzq2-cgg5-yya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66503?format=api", "vulnerability_id": "VCID-u7as-1ckq-eqgy", "summary": "Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9447.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03517", "scoring_system": "epss", "scoring_elements": "0.87852", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03517", "scoring_system": "epss", "scoring_elements": "0.87873", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178888", "reference_id": "1178888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178888" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775536", "reference_id": "775536", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775536" }, { "reference_url": "https://usn.ubuntu.com/2482-1/", "reference_id": "USN-2482-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2482-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93428?format=api", "purl": "pkg:deb/debian/elfutils@0.159-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.159-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9447" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7as-1ckq-eqgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66516?format=api", "vulnerability_id": "VCID-v6r9-9zqj-c7h1", "summary": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18310.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26024", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26128", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642604", "reference_id": "1642604", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642604" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911083", "reference_id": "911083", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911083" }, { "reference_url": "https://security.archlinux.org/ASA-201901-3", "reference_id": "ASA-201901-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-3" }, { "reference_url": "https://security.archlinux.org/AVG-785", "reference_id": "AVG-785", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2197", "reference_id": "RHSA-2019:2197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "reference_url": "https://usn.ubuntu.com/4012-1/", "reference_id": "USN-4012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4012-1/" }, { "reference_url": "https://usn.ubuntu.com/6322-1/", "reference_id": "USN-6322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93431?format=api", "purl": "pkg:deb/debian/elfutils@0.175-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18310" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6r9-9zqj-c7h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66519?format=api", "vulnerability_id": "VCID-vsc2-c98t-2qfq", "summary": "elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37702", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37793", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8769" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559241", "reference_id": "1559241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559241" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93432?format=api", "purl": "pkg:deb/debian/elfutils@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-8769" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsc2-c98t-2qfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66509?format=api", "vulnerability_id": "VCID-xu38-1648-eqde", "summary": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7610.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7610.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66947", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66987", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441626", "reference_id": "1441626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441626" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859993", "reference_id": "859993", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859993" }, { "reference_url": "https://security.gentoo.org/glsa/201710-10", "reference_id": "GLSA-201710-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-10" }, { "reference_url": "https://usn.ubuntu.com/3670-1/", "reference_id": "USN-3670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93430?format=api", "purl": "pkg:deb/debian/elfutils@0.168-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7610" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xu38-1648-eqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66502?format=api", "vulnerability_id": "VCID-ykz9-xxnj-uqft", "summary": "Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0172.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0172.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01832", "scoring_system": "epss", "scoring_elements": "0.83261", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01832", "scoring_system": "epss", "scoring_elements": "0.83287", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0172" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085663", "reference_id": "1085663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085663" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744017", "reference_id": "744017", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744017" }, { "reference_url": "https://security.gentoo.org/glsa/201612-32", "reference_id": "GLSA-201612-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-32" }, { "reference_url": "https://usn.ubuntu.com/2188-1/", "reference_id": "USN-2188-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2188-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93424?format=api", "purl": "pkg:deb/debian/elfutils@0.158-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.158-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93425?format=api", "purl": "pkg:deb/debian/elfutils@0.183-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mxhh-rnud-7bdx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93423?format=api", "purl": "pkg:deb/debian/elfutils@0.188-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93427?format=api", "purl": "pkg:deb/debian/elfutils@0.192-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93426?format=api", "purl": "pkg:deb/debian/elfutils@0.195-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0172" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykz9-xxnj-uqft" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie" }