Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/130098?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/130098?format=api", "vulnerability_id": "VCID-pwwt-2djv-nfdj", "summary": "Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.", "aliases": [ { "alias": "CVE-2009-2484" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/942265?format=api", "purl": "pkg:deb/debian/vlc@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942266?format=api", "purl": "pkg:deb/debian/vlc@3.0.21-0%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.21-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942264?format=api", "purl": "pkg:deb/debian/vlc@3.0.22-0%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.22-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942268?format=api", "purl": "pkg:deb/debian/vlc@3.0.23-0%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942267?format=api", "purl": "pkg:deb/debian/vlc@3.0.23-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-1%3Fdistro=trixie" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98702", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98706", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.9871", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98713", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98714", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98716", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98718", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98719", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.71229", "scoring_system": "epss", "scoring_elements": "0.98723", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2484" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/16678.rb", "reference_id": "CVE-2009-2484;OSVDB-55509", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/16678.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9029.rb", "reference_id": 
"OSVDB-55509;CVE-2009-2484", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9029.rb" } ], "weaknesses": [], "exploits": [ { "date_added": null, "description": "This module exploits a stack-based buffer overflow in the Win32AddConnection\n function of the VideoLAN VLC media player. Versions 0.9.9 through 1.0.1 are\n reportedly affected.\n\n This vulnerability is only present in Win32 builds of VLC.\n\n This payload was found to work with the windows/exec and\n windows/meterpreter/reverse_tcp payloads. However, the\n windows/meterpreter/reverse_ord_tcp was found not to work.", "required_action": null, "due_date": null, "notes": "Reliability:\n - unknown-reliability\nStability:\n - unknown-stability\nSideEffects:\n - unknown-side-effects\n", "known_ransomware_campaign_use": false, "source_date_published": "2009-06-24", "exploit_type": null, "platform": "Windows", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/fileformat/vlc_smb_uri.rb" }, { "date_added": "2010-09-20", "description": "VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2010-09-20", "exploit_type": "local", "platform": "windows_x86", "source_date_updated": "2016-09-10", "data_source": "Exploit-DB", "source_url": "" } ], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwwt-2djv-nfdj" }