Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/3080?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3080?format=api", "vulnerability_id": "VCID-ew15-2e35-p3g1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover two buffer\noverflow issues in the Libvpx library used for WebM video when decoding a\nmalformed WebM video file. These buffer overflows result in potentially\nexploitable crashes.", "aliases": [ { "alias": "CVE-2015-4486" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6187?format=api", "purl": "pkg:deb/debian/libvpx@1.6.0-2~bpo8%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.6.0-2~bpo8%252B1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6183?format=api", "purl": "pkg:deb/debian/libvpx@0.9.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2crz-j51e-byc3" }, { "vulnerability": "VCID-cwdt-7ey1-5bax" }, { "vulnerability": "VCID-ew15-2e35-p3g1" }, { "vulnerability": "VCID-j7uq-j289-zyff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@0.9.1-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/6184?format=api", "purl": "pkg:deb/debian/libvpx@1.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2crz-j51e-byc3" }, { "vulnerability": "VCID-cwdt-7ey1-5bax" }, { "vulnerability": "VCID-ew15-2e35-p3g1" }, { "vulnerability": "VCID-j7uq-j289-zyff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.1.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6185?format=api", "purl": "pkg:deb/debian/libvpx@1.3.0-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2crz-j51e-byc3" }, { "vulnerability": "VCID-cwdt-7ey1-5bax" }, { "vulnerability": "VCID-ew15-2e35-p3g1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.3.0-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6186?format=api", "purl": "pkg:deb/debian/libvpx@1.3.0-3%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2crz-j51e-byc3" }, { "vulnerability": "VCID-cwdt-7ey1-5bax" }, { "vulnerability": "VCID-ew15-2e35-p3g1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvpx@1.3.0-3%252Bdeb8u1" } ], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486", "reference_id": "CVE-2015-4486", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-89", "reference_id": "mfsa2015-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-89" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ew15-2e35-p3g1" }