Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2177?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2177?format=api", "vulnerability_id": "VCID-84nu-2fbp-qqc3", "summary": "Security researcher Evgeny Legerov of Intevydis\nreported that the WOFF decoder contains an integer overflow in a\nfont decompression routine. This flaw could result in too small a\nmemory buffer being allocated to store a downloadable font. An\nattacker could use this vulnerability to crash a victim's browser\nand execute arbitrary code on his/her system. Support for the WOFF downloadable font format\nis new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect\nproducts built on earlier versions of the Mozilla browser engine.", "aliases": [ { "alias": "CVE-2010-1028" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5801?format=api", "purl": "pkg:deb/debian/calibre@2.75.1%2Bdfsg-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37nz-p4dm-qkft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.75.1%252Bdfsg-1~bpo8%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5797?format=api", "purl": "pkg:deb/debian/calibre@0.7.7%2Bdfsg-1squeeze1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37nz-p4dm-qkft" }, { "vulnerability": "VCID-84nu-2fbp-qqc3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@0.7.7%252Bdfsg-1squeeze1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5798?format=api", "purl": "pkg:deb/debian/calibre@0.8.51%2Bdfsg1-0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37nz-p4dm-qkft" }, {
"vulnerability": "VCID-84nu-2fbp-qqc3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@0.8.51%252Bdfsg1-0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5799?format=api", "purl": "pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37nz-p4dm-qkft" }, { "vulnerability": "VCID-84nu-2fbp-qqc3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@1.22.0%252Bdfsg1-1~bpo70%252B2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5800?format=api", "purl": "pkg:deb/debian/calibre@2.5.0%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37nz-p4dm-qkft" }, { "vulnerability": "VCID-84nu-2fbp-qqc3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.5.0%252Bdfsg-1" } ], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028", "reference_id": "CVE-2010-1028", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08", "reference_id": "mfsa2010-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84nu-2fbp-qqc3" }