Vulnerability Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353752?format=api",
    "vulnerability_id": "VCID-6vp5-c27t-zkhh",
    "summary": "Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.",
    "aliases": [
        {
            "alias": "CVE-2026-33813"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103300?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=armhf&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=armhf&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103301?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=armv7&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=armv7&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103302?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=loongarch64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103303?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=ppc64le&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103305?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=s390x&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=s390x&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103307?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=x86_64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=x86_64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103299?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=aarch64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=aarch64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103304?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=riscv64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=riscv64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103306?format=api",
            "purl": "pkg:apk/alpine/rclone@1.74.0-r0?arch=x86&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.74.0-r0%3Farch=x86&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1055639?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.32.0-1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.32.0-1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1062467?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.39.0-1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.39.0-1%3Fdistro=trixie"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1054984?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.0~git20200119.58c2397-1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-2uqz-va31-ubhz"
                },
                {
                    "vulnerability": "VCID-4wx3-ary7-2be6"
                },
                {
                    "vulnerability": "VCID-6vp5-c27t-zkhh"
                },
                {
                    "vulnerability": "VCID-fj7w-564m-yuca"
                },
                {
                    "vulnerability": "VCID-h16m-x9wr-7yem"
                },
                {
                    "vulnerability": "VCID-x59b-qzje-7qf9"
                },
                {
                    "vulnerability": "VCID-yj5c-4wbb-gbcx"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.0~git20200119.58c2397-1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/924160?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.0~git20200119.58c2397-1?distro=trixie",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-2uqz-va31-ubhz"
                },
                {
                    "vulnerability": "VCID-4wx3-ary7-2be6"
                },
                {
                    "vulnerability": "VCID-6vp5-c27t-zkhh"
                },
                {
                    "vulnerability": "VCID-fj7w-564m-yuca"
                },
                {
                    "vulnerability": "VCID-h16m-x9wr-7yem"
                },
                {
                    "vulnerability": "VCID-x59b-qzje-7qf9"
                },
                {
                    "vulnerability": "VCID-yj5c-4wbb-gbcx"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.0~git20200119.58c2397-1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1054985?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.5.0-1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-2uqz-va31-ubhz"
                },
                {
                    "vulnerability": "VCID-4wx3-ary7-2be6"
                },
                {
                    "vulnerability": "VCID-6vp5-c27t-zkhh"
                },
                {
                    "vulnerability": "VCID-fj7w-564m-yuca"
                },
                {
                    "vulnerability": "VCID-h16m-x9wr-7yem"
                },
                {
                    "vulnerability": "VCID-yj5c-4wbb-gbcx"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.5.0-1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/924161?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.5.0-1?distro=trixie",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-2uqz-va31-ubhz"
                },
                {
                    "vulnerability": "VCID-4wx3-ary7-2be6"
                },
                {
                    "vulnerability": "VCID-6vp5-c27t-zkhh"
                },
                {
                    "vulnerability": "VCID-fj7w-564m-yuca"
                },
                {
                    "vulnerability": "VCID-h16m-x9wr-7yem"
                },
                {
                    "vulnerability": "VCID-yj5c-4wbb-gbcx"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.5.0-1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1054986?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.18.0-1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-4wx3-ary7-2be6"
                },
                {
                    "vulnerability": "VCID-6vp5-c27t-zkhh"
                },
                {
                    "vulnerability": "VCID-yj5c-4wbb-gbcx"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.18.0-1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/924163?format=api",
            "purl": "pkg:deb/debian/golang-golang-x-image@0.18.0-1?distro=trixie",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-4wx3-ary7-2be6"
                },
                {
                    "vulnerability": "VCID-6vp5-c27t-zkhh"
                },
                {
                    "vulnerability": "VCID-yj5c-4wbb-gbcx"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-image@0.18.0-1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1103576?format=api",
            "purl": "pkg:rpm/redhat/golang1-26-main@1.26.2-1.1?arch=hum1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-6vp5-c27t-zkhh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang1-26-main@1.26.2-1.1%3Farch=hum1"
        }
    ],
    "references": [
        {
            "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33813.json",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "6.5",
                    "scoring_system": "cvssv3",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                }
            ],
            "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33813.json"
        },
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33813",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00049",
                    "scoring_system": "epss",
                    "scoring_elements": "0.15018",
                    "published_at": "2026-04-24T12:55:00Z"
                },
                {
                    "value": "0.00049",
                    "scoring_system": "epss",
                    "scoring_elements": "0.1502",
                    "published_at": "2026-04-26T12:55:00Z"
                },
                {
                    "value": "0.00064",
                    "scoring_system": "epss",
                    "scoring_elements": "0.1973",
                    "published_at": "2026-05-07T12:55:00Z"
                },
                {
                    "value": "0.00064",
                    "scoring_system": "epss",
                    "scoring_elements": "0.19744",
                    "published_at": "2026-04-29T12:55:00Z"
                },
                {
                    "value": "0.00064",
                    "scoring_system": "epss",
                    "scoring_elements": "0.19652",
                    "published_at": "2026-05-05T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33813"
        },
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33813",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33813"
        },
        {
            "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221",
            "reference_id": "2460221",
            "reference_type": "",
            "scores": [],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
        },
        {
            "reference_url": "https://go.dev/cl/759860",
            "reference_id": "759860",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.5",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:23:43Z/"
                }
            ],
            "url": "https://go.dev/cl/759860"
        },
        {
            "reference_url": "https://go.dev/issue/78407",
            "reference_id": "78407",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.5",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:23:43Z/"
                }
            ],
            "url": "https://go.dev/issue/78407"
        },
        {
            "reference_url": "https://pkg.go.dev/vuln/GO-2026-4961",
            "reference_id": "GO-2026-4961",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.5",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:23:43Z/"
                }
            ],
            "url": "https://pkg.go.dev/vuln/GO-2026-4961"
        },
        {
            "reference_url": "https://access.redhat.com/errata/RHSA-2026:8291",
            "reference_id": "RHSA-2026:8291",
            "reference_type": "",
            "scores": [],
            "url": "https://access.redhat.com/errata/RHSA-2026:8291"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 190,
            "name": "Integer Overflow or Wraparound",
            "description": "The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control."
        }
    ],
    "exploits": [],
    "severity_range_score": "6.5 - 7.5",
    "exploitability": "0.5",
    "weighted_severity": "6.0",
    "risk_score": 3.0,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vp5-c27t-zkhh"
}