Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/63716?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63716?format=api", "vulnerability_id": "VCID-t7wm-9sa4-2yff", "summary": "Security researcher Ronald Crane reported two issues in the libGLES\nportions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows\nsystems. The first of these is a missing bounds check leading to memory safety errors when\nmanipulating shaders which could result in the writing to unowned memory. The second issue\nalso affects shaders when insufficient memory is allocated for a shader attribute array,\nleading to a buffer overflow. Both of these issues can lead to a potentially exploitable\ncrash.\nThese issues are specific to Windows and does not affect Linux or OS X\nsystems.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "aliases": [ { "alias": "CVE-2015-7178" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86814?format=api", "purl": "pkg:mozilla/Firefox@41.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@41.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86815?format=api", "purl": "pkg:mozilla/Firefox%20ESR@38.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86808?format=api", "purl": "pkg:mozilla/SeaMonkey@2.38.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.38.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86816?format=api", "purl": "pkg:mozilla/Thunderbird@38.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.3.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.8133", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81207", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81265", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81291", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81278", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.8127", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81307", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81309", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81308", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265201", "reference_id": "1265201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7178", "reference_id": "CVE-2015-7178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7178" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-113", "reference_id": "mfsa2015-113", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-113" } ], "weaknesses": [ { "cwe_id": 805, "name": "Buffer Access with Incorrect Length Value", "description": "The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t7wm-9sa4-2yff" }