Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/93520?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93520?format=api", "vulnerability_id": "VCID-fnec-475d-q3gf", "summary": "Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.", "aliases": [ { "alias": "CVE-2009-1301" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/116793?format=api", "purl": "pkg:deb/debian/mpg123@1.7.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.7.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/516658?format=api", "purl": "pkg:deb/debian/mpg123@1.12.1-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-u85u-m4n7-sya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.12.1-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/116770?format=api", "purl": "pkg:deb/debian/mpg123@1.26.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.26.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/116768?format=api", "purl": "pkg:deb/debian/mpg123@1.31.2-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.31.2-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/116773?format=api", "purl": "pkg:deb/debian/mpg123@1.32.10-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.32.10-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/116771?format=api", "purl": "pkg:deb/debian/mpg123@1.33.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.33.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/193098?format=api", "purl": "pkg:ebuild/media-sound/mpg123@1.7.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-sound/mpg123@1.7.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516651?format=api", "purl": "pkg:deb/debian/mpg123@0.59o-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-858p-d89j-1fcf" }, { "vulnerability": "VCID-88ns-znrm-f3e6" }, { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cdqa-gapb-gkfb" }, { "vulnerability": "VCID-cqsb-s171-4khu" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-etwe-38ku-v3en" }, { "vulnerability": "VCID-fnec-475d-q3gf" }, { "vulnerability": "VCID-k2pp-dxbk-tbhx" }, { "vulnerability": "VCID-pb63-c6sn-dqfm" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-tbjb-2963-hue7" }, { "vulnerability": "VCID-u85u-m4n7-sya3" }, { "vulnerability": "VCID-zfpw-4qs9-nudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59o-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/516652?format=api", "purl": "pkg:deb/debian/mpg123@0.59o-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-858p-d89j-1fcf" }, { "vulnerability": "VCID-88ns-znrm-f3e6" }, { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cdqa-gapb-gkfb" }, { "vulnerability": "VCID-cqsb-s171-4khu" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-etwe-38ku-v3en" }, { "vulnerability": "VCID-fnec-475d-q3gf" }, { "vulnerability": "VCID-k2pp-dxbk-tbhx" }, { "vulnerability": "VCID-pb63-c6sn-dqfm" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-tbjb-2963-hue7" }, { "vulnerability": "VCID-u85u-m4n7-sya3" }, { "vulnerability": "VCID-zfpw-4qs9-nudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59o-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/516653?format=api", "purl": "pkg:deb/debian/mpg123@0.59q-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-858p-d89j-1fcf" }, { "vulnerability": "VCID-88ns-znrm-f3e6" }, { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cdqa-gapb-gkfb" }, { "vulnerability": "VCID-cqsb-s171-4khu" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-etwe-38ku-v3en" }, { "vulnerability": "VCID-fnec-475d-q3gf" }, { "vulnerability": "VCID-k2pp-dxbk-tbhx" }, { "vulnerability": "VCID-pb63-c6sn-dqfm" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-tbjb-2963-hue7" }, { "vulnerability": "VCID-u85u-m4n7-sya3" }, { "vulnerability": "VCID-zfpw-4qs9-nudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59q-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/516654?format=api", "purl": "pkg:deb/debian/mpg123@0.59r-13woody4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-858p-d89j-1fcf" }, { "vulnerability": "VCID-88ns-znrm-f3e6" }, { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cdqa-gapb-gkfb" }, { "vulnerability": "VCID-cqsb-s171-4khu" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-etwe-38ku-v3en" }, { "vulnerability": "VCID-fnec-475d-q3gf" }, { "vulnerability": "VCID-k2pp-dxbk-tbhx" }, { "vulnerability": "VCID-pb63-c6sn-dqfm" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-u85u-m4n7-sya3" }, { "vulnerability": "VCID-zfpw-4qs9-nudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59r-13woody4" }, { "url": "http://public2.vulnerablecode.io/api/packages/516655?format=api", "purl": "pkg:deb/debian/mpg123@0.59r-20sarge1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cqsb-s171-4khu" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-fnec-475d-q3gf" }, { "vulnerability": "VCID-k2pp-dxbk-tbhx" }, { "vulnerability": "VCID-pb63-c6sn-dqfm" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-u85u-m4n7-sya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59r-20sarge1" }, { "url": "http://public2.vulnerablecode.io/api/packages/516656?format=api", "purl": "pkg:deb/debian/mpg123@0.61-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-fnec-475d-q3gf" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-u85u-m4n7-sya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.61-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/516657?format=api", "purl": "pkg:deb/debian/mpg123@1.4.3-4lenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2uw-ydsg-fbau" }, { "vulnerability": "VCID-cv5f-xysy-mfgb" }, { "vulnerability": "VCID-d58a-h7ew-buhk" }, { "vulnerability": "VCID-d5pc-yexh-2kby" }, { "vulnerability": "VCID-fnec-475d-q3gf" }, { "vulnerability": "VCID-rgue-duz7-fkcw" }, { "vulnerability": "VCID-sxrg-nt5k-3ffx" }, { "vulnerability": "VCID-t816-d94b-rfb4" }, { "vulnerability": "VCID-u85u-m4n7-sya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.4.3-4lenny1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08801", "scoring_system": "epss", "scoring_elements": "0.9267", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08801", "scoring_system": "epss", "scoring_elements": "0.92682", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08801", "scoring_system": "epss", "scoring_elements": "0.92678", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08801", "scoring_system": "epss", "scoring_elements": "0.92674", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301" }, { "reference_url": "https://security.gentoo.org/glsa/200904-15", "reference_id": "GLSA-200904-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-15" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.1", "risk_score": 0.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnec-475d-q3gf" }