{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","type":"deb","namespace":"debian","name":"libarchive","version":"3.4.3-2+deb11u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.3-2+deb11u2","latest_non_vulnerable_version":"3.8.7-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75530?format=json","vulnerability_id":"VCID-1pp8-5uev-z7b4","summary":"A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1632.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1632.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1632","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07261","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07307","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07292","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07249","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103494","reference_id":"1103494","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103494"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2347309","reference_id":"2347309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2347309"},{"reference_url":"https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc","reference_id":"bsdunzip-poc","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T14:25:28Z/"}],"url":"https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc"},{"reference_url":"https://vuldb.com/?ctiid.296619","reference_id":"?ctiid.296619","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T14:25:28Z/"}],"url":"https://vuldb.com/?ctiid.296619"},{"reference_url":"https://vuldb.com/?id.296619","reference_id":"?id.296619","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T14:25:28Z/"}],"url":"https://vuldb.com/?id.296619"},{"reference_url":"https://vuldb.com/?submit.496460","reference_id":"?submit.496460","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T14:25:28Z/"}],"url":"https://vuldb.com/?submit.496460"},{"reference_url":"https://usn.ubuntu.com/7454-1/","reference_id":"USN-7454-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7454-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101201?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-1632"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pp8-5uev-z7b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72709?format=json","vulnerability_id":"VCID-9uqp-6xsc-g7c1","summary":"libarchive: bsdtar hangs and OOMs with zero-length pattern matches","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-60753.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-60753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60753","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07777","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07823","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07836","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07808","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07762","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412648","reference_id":"2412648","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412648"},{"reference_url":"https://github.com/libarchive/libarchive/issues/2725","reference_id":"2725","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-05T15:39:22Z/"}],"url":"https://github.com/libarchive/libarchive/issues/2725"},{"reference_url":"https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753","reference_id":"CVE-2025-60753","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-05T15:39:22Z/"}],"url":"https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8944","reference_id":"RHSA-2026:8944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8944"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101202?format=json","purl":"pkg:deb/debian/libarchive@3.8.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-60753"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uqp-6xsc-g7c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75531?format=json","vulnerability_id":"VCID-evkf-vrqz-kkca","summary":"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25724.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25724.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25724","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08554","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08574","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0859","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08568","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0852","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25724"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103479","reference_id":"1103479","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349221","reference_id":"2349221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349221"},{"reference_url":"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92","reference_id":"a83870ce7f3b7813b9b462a395e8ad92","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T19:00:32Z/"}],"url":"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"},{"reference_url":"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug","reference_id":"bsdtarbug","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T19:00:32Z/"}],"url":"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11487","reference_id":"RHSA-2025:11487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9420","reference_id":"RHSA-2025:9420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9431","reference_id":"RHSA-2025:9431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24383","reference_id":"RHSA-2026:24383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24383"},{"reference_url":"https://usn.ubuntu.com/7454-1/","reference_id":"USN-7454-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7454-1/"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"},{"reference_url":"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752","reference_id":"util.c#L751-L752","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T19:00:32Z/"}],"url":"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101202?format=json","purl":"pkg:deb/debian/libarchive@3.8.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-25724"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evkf-vrqz-kkca"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75520?format=json","vulnerability_id":"VCID-1sku-8uy9-mqf9","summary":"Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37407.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37407","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6835","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68366","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68373","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68365","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37407"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2145","reference_id":"2145","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T20:12:02Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2145"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292307","reference_id":"2292307","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292307"},{"reference_url":"https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0","reference_id":"b6a979481b7d77c12fa17bbed94576b63bbcb0c0","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T20:12:02Z/"}],"url":"https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0"},{"reference_url":"https://github.com/libarchive/libarchive/releases/tag/v3.7.4","reference_id":"v3.7.4","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T20:12:02Z/"}],"url":"https://github.com/libarchive/libarchive/releases/tag/v3.7.4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2024-37407"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sku-8uy9-mqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75412?format=json","vulnerability_id":"VCID-1w1u-kykq-hbbd","summary":"Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4666.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4666","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62608","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62654","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62653","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62638","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62652","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4666"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669197","reference_id":"669197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849","reference_id":"705849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849"},{"reference_url":"https://security.gentoo.org/glsa/201406-02","reference_id":"GLSA-201406-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101169?format=json","purl":"pkg:deb/debian/libarchive@3.0.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.0.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2010-4666"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1w1u-kykq-hbbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75536?format=json","vulnerability_id":"VCID-1zjd-nfwk-1bhy","summary":"A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5917.json","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5917.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5917","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30115","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30196","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30161","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3013","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.301","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107626","reference_id":"1107626","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107626"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370874","reference_id":"2370874","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370874"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2588","reference_id":"2588","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2588"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-5917","reference_id":"CVE-2025-5917","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-5917"},{"reference_url":"https://usn.ubuntu.com/7601-1/","reference_id":"USN-7601-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7601-1/"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"},{"reference_url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0","reference_id":"v3.8.0","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/"}],"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101204?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101203?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101205?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5917"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zjd-nfwk-1bhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75409?format=json","vulnerability_id":"VCID-22j3-qvpq-pkaw","summary":"archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3641","reference_id":"","reference_type":"","scores":[{"value":"0.37158","scoring_system":"epss","scoring_elements":"0.97251","published_at":"2026-06-04T12:55:00Z"},{"value":"0.37158","scoring_system":"epss","scoring_elements":"0.97255","published_at":"2026-06-05T12:55:00Z"},{"value":"0.37158","scoring_system":"epss","scoring_elements":"0.97256","published_at":"2026-06-06T12:55:00Z"},{"value":"0.37158","scoring_system":"epss","scoring_elements":"0.97258","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3641"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924","reference_id":"432924","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"},{"reference_url":"https://security.gentoo.org/glsa/200708-03","reference_id":"GLSA-200708-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101168?format=json","purl":"pkg:deb/debian/libarchive@2.2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@2.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3641"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22j3-qvpq-pkaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75508?format=json","vulnerability_id":"VCID-24dh-btpb-7yg5","summary":"In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19221.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19221","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24818","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24913","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24902","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24845","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24787","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24795","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19221"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801635","reference_id":"1801635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801635"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945287","reference_id":"945287","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4443","reference_id":"RHSA-2020:4443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4443"},{"reference_url":"https://usn.ubuntu.com/4293-1/","reference_id":"USN-4293-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4293-1/"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101191?format=json","purl":"pkg:deb/debian/libarchive@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2019-19221"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24dh-btpb-7yg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75411?format=json","vulnerability_id":"VCID-24wn-pn5b-mydm","summary":"archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3645","reference_id":"","reference_type":"","scores":[{"value":"0.12436","scoring_system":"epss","scoring_elements":"0.94036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12436","scoring_system":"epss","scoring_elements":"0.94045","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12436","scoring_system":"epss","scoring_elements":"0.94044","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12436","scoring_system":"epss","scoring_elements":"0.94046","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12436","scoring_system":"epss","scoring_elements":"0.94051","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3645"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924","reference_id":"432924","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"},{"reference_url":"https://security.gentoo.org/glsa/200708-03","reference_id":"GLSA-200708-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101168?format=json","purl":"pkg:deb/debian/libarchive@2.2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@2.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3645"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24wn-pn5b-mydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53712?format=json","vulnerability_id":"VCID-28j8-dvdr-s7ge","summary":"Out-of-bounds Write\nHeap-based buffer overflow in `archive_string_append_from_wcs()` allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-21674.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-21674.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-21674","reference_id":"","reference_type":"","scores":[{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82374","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82401","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.824","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82398","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82391","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82406","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-21674"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888786","reference_id":"1888786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888786"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21674","reference_id":"CVE-2020-21674","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21674"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2020-21674"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28j8-dvdr-s7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75434?format=json","vulnerability_id":"VCID-2ft9-vcef-dkau","summary":"The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8919.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8919.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8919","reference_id":"","reference_type":"","scores":[{"value":"0.0645","scoring_system":"epss","scoring_elements":"0.91232","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0645","scoring_system":"epss","scoring_elements":"0.91244","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0645","scoring_system":"epss","scoring_elements":"0.91245","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0645","scoring_system":"epss","scoring_elements":"0.91242","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0645","scoring_system":"epss","scoring_elements":"0.91238","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0645","scoring_system":"epss","scoring_elements":"0.91253","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348414","reference_id":"1348414","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348414"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8919"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft9-vcef-dkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75532?format=json","vulnerability_id":"VCID-2jra-hgx1-akc2","summary":"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5914.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5914.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5914","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29655","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29743","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29707","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29674","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29641","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107621","reference_id":"1107621","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107621"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370861","reference_id":"2370861","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370861"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2598","reference_id":"2598","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2598"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9","reference_id":"cpe:/a:redhat:cert_manager:1.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:confidential_compute_attestation:1.10::el9","reference_id":"cpe:/a:redhat:confidential_compute_attestation:1.10::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:confidential_compute_attestation:1.10::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9","reference_id":"cpe:/a:redhat:insights_proxy:1.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9","reference_id":"cpe:/a:redhat:openshift:4.20::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9","reference_id":"cpe:/a:redhat:openshift_compliance_operator:1::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3.5::el8","reference_id":"cpe:/a:redhat:openshift_distributed_tracing:3.5::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9","reference_id":"cpe:/a:redhat:openshift_file_integrity_operator:1::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.36::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb","reference_id":"cpe:/a:redhat:rhel_eus:9.4::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9","reference_id":"cpe:/a:redhat:webterminal:1.11::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9","reference_id":"cpe:/a:redhat:webterminal:1.12::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-5914","reference_id":"CVE-2025-5914","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-5914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14130","reference_id":"RHSA-2025:14130","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14135","reference_id":"RHSA-2025:14135","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14137","reference_id":"RHSA-2025:14137","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14141","reference_id":"RHSA-2025:14141","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14142","reference_id":"RHSA-2025:14142","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14525","reference_id":"RHSA-2025:14525","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14528","reference_id":"RHSA-2025:14528","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14594","reference_id":"RHSA-2025:14594","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14644","reference_id":"RHSA-2025:14644","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14808","reference_id":"RHSA-2025:14808","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14810","reference_id":"RHSA-2025:14810","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14828","reference_id":"RHSA-2025:14828","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15024","reference_id":"RHSA-2025:15024","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15397","reference_id":"RHSA-2025:15397","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15709","reference_id":"RHSA-2025:15709","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15827","reference_id":"RHSA-2025:15827","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15828","reference_id":"RHSA-2025:15828","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16524","reference_id":"RHSA-2025:16524","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18217","reference_id":"RHSA-2025:18217","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:18217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18218","reference_id":"RHSA-2025:18218","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:18218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19041","reference_id":"RHSA-2025:19041","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19046","reference_id":"RHSA-2025:19046","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21885","reference_id":"RHSA-2025:21885","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21913","reference_id":"RHSA-2025:21913","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0326","reference_id":"RHSA-2026:0326","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1541","reference_id":"RHSA-2026:1541","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:1541"},{"reference_url":"https://usn.ubuntu.com/7601-1/","reference_id":"USN-7601-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7601-1/"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"},{"reference_url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0","reference_id":"v3.8.0","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/"}],"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101204?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101203?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101205?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5914"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jra-hgx1-akc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75507?format=json","vulnerability_id":"VCID-2kce-56xs-abaz","summary":"archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18408.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18408","reference_id":"","reference_type":"","scores":[{"value":"0.04588","scoring_system":"epss","scoring_elements":"0.89416","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04588","scoring_system":"epss","scoring_elements":"0.89434","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04588","scoring_system":"epss","scoring_elements":"0.89432","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04588","scoring_system":"epss","scoring_elements":"0.8945","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1769979","reference_id":"1769979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1769979"},{"reference_url":"https://security.gentoo.org/glsa/202003-28","reference_id":"GLSA-202003-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0203","reference_id":"RHSA-2020:0203","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0203"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0246","reference_id":"RHSA-2020:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0271","reference_id":"RHSA-2020:0271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0271"},{"reference_url":"https://usn.ubuntu.com/4169-1/","reference_id":"USN-4169-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4169-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101190?format=json","purl":"pkg:deb/debian/libarchive@3.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2019-18408"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kce-56xs-abaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75510?format=json","vulnerability_id":"VCID-37wa-xumu-bber","summary":"An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31566.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31566.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31566","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11817","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11901","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11895","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11858","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11777","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11788","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31566"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043"},{"reference_url":"https://github.com/libarchive/libarchive/issues/1566","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libarchive/libarchive/issues/1566"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001990","reference_id":"1001990","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001990"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024237","reference_id":"2024237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024237"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-31566","reference_id":"CVE-2021-31566","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2021-31566"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31566","reference_id":"CVE-2021-31566","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31566"},{"reference_url":"https://security.gentoo.org/glsa/202208-26","reference_id":"GLSA-202208-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0892","reference_id":"RHSA-2022:0892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0892"},{"reference_url":"https://usn.ubuntu.com/5291-1/","reference_id":"USN-5291-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5291-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101193?format=json","purl":"pkg:deb/debian/libarchive@3.5.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.5.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2021-31566"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37wa-xumu-bber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75478?format=json","vulnerability_id":"VCID-3b8j-qwkk-7yem","summary":"libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7166.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7166","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58628","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58675","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58659","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58682","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58674","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347086","reference_id":"1347086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347086"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1850","reference_id":"RHSA-2016:1850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1850"},{"reference_url":"https://usn.ubuntu.com/3225-1/","reference_id":"USN-3225-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3225-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-7166"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3b8j-qwkk-7yem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75445?format=json","vulnerability_id":"VCID-3cwa-fj97-mue9","summary":"bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8930.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8930.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8930","reference_id":"","reference_type":"","scores":[{"value":"0.04803","scoring_system":"epss","scoring_elements":"0.89676","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04803","scoring_system":"epss","scoring_elements":"0.89693","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04803","scoring_system":"epss","scoring_elements":"0.8971","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04803","scoring_system":"epss","scoring_elements":"0.89694","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04803","scoring_system":"epss","scoring_elements":"0.89695","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349204","reference_id":"1349204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349204"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8930"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cwa-fj97-mue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6889?format=json","vulnerability_id":"VCID-3e6j-4j26-auhz","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36976.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36976","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40948","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40977","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40997","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40966","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41025","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41029","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36976"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984646","reference_id":"1984646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984646"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991442","reference_id":"991442","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991442"},{"reference_url":"https://security.archlinux.org/AVG-2176","reference_id":"AVG-2176","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2176"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36976","reference_id":"CVE-2021-36976","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36976"},{"reference_url":"https://security.gentoo.org/glsa/202208-26","reference_id":"GLSA-202208-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-26"},{"reference_url":"https://usn.ubuntu.com/5291-1/","reference_id":"USN-5291-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5291-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101195?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101194?format=json","purl":"pkg:deb/debian/libarchive@3.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2021-36976"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3e6j-4j26-auhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52276?format=json","vulnerability_id":"VCID-3tqx-5ms2-akg3","summary":"Improper Input Validation\n`archive_read_support_format_rar5.c` in libarchive attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a `SIGSEGV` or possibly unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9308.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9308","reference_id":"","reference_type":"","scores":[{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72365","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72406","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72393","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72379","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72403","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9308"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805963","reference_id":"1805963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805963"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951759","reference_id":"951759","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951759"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9308","reference_id":"CVE-2020-9308","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9308"},{"reference_url":"https://security.gentoo.org/glsa/202003-28","reference_id":"GLSA-202003-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-28"},{"reference_url":"https://usn.ubuntu.com/4293-1/","reference_id":"USN-4293-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4293-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101192?format=json","purl":"pkg:deb/debian/libarchive@3.4.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2020-9308"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tqx-5ms2-akg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75443?format=json","vulnerability_id":"VCID-4hvy-whmq-53ft","summary":"The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8928.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8928","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53023","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53084","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53048","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53091","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53073","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348429","reference_id":"1348429","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348429"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8928"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hvy-whmq-53ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75433?format=json","vulnerability_id":"VCID-4nc8-2xm1-z3ar","summary":"The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to \"overlapping memcpy.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8918.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8918.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8918","reference_id":"","reference_type":"","scores":[{"value":"0.02569","scoring_system":"epss","scoring_elements":"0.85817","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02569","scoring_system":"epss","scoring_elements":"0.85839","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02569","scoring_system":"epss","scoring_elements":"0.85841","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02569","scoring_system":"epss","scoring_elements":"0.85837","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02569","scoring_system":"epss","scoring_elements":"0.85822","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02569","scoring_system":"epss","scoring_elements":"0.85836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8918"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348770","reference_id":"1348770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348770"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8918"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nc8-2xm1-z3ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6184?format=json","vulnerability_id":"VCID-4t89-41bc-3ba8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000020.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1000020","reference_id":"","reference_type":"","scores":[{"value":"0.00903","scoring_system":"epss","scoring_elements":"0.7609","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00903","scoring_system":"epss","scoring_elements":"0.76121","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00903","scoring_system":"epss","scoring_elements":"0.76108","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00903","scoring_system":"epss","scoring_elements":"0.76096","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00903","scoring_system":"epss","scoring_elements":"0.76116","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1000020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000020"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672888","reference_id":"1672888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672888"},{"reference_url":"https://security.archlinux.org/ASA-201906-21","reference_id":"ASA-201906-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-21"},{"reference_url":"https://security.archlinux.org/AVG-837","reference_id":"AVG-837","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2298","reference_id":"RHSA-2019:2298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3698","reference_id":"RHSA-2019:3698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3698"},{"reference_url":"https://usn.ubuntu.com/3884-1/","reference_id":"USN-3884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3884-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101189?format=json","purl":"pkg:deb/debian/libarchive@3.3.3-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2019-1000020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4t89-41bc-3ba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75451?format=json","vulnerability_id":"VCID-5rvq-dzxr-ckb7","summary":"The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8934.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8934.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8934","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56557","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5661","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56616","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56605","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5659","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56608","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349229","reference_id":"1349229","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349229"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101176?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8934"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5rvq-dzxr-ckb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75459?format=json","vulnerability_id":"VCID-5tcn-ytvt-23bk","summary":"Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1541.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1541.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1541","reference_id":"","reference_type":"","scores":[{"value":"0.12269","scoring_system":"epss","scoring_elements":"0.93989","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12269","scoring_system":"epss","scoring_elements":"0.93997","published_at":"2026-06-05T12:55:00Z"},{"value":"0.12269","scoring_system":"epss","scoring_elements":"0.94003","published_at":"2026-06-09T12:55:00Z"},{"value":"0.12269","scoring_system":"epss","scoring_elements":"0.93996","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12269","scoring_system":"epss","scoring_elements":"0.93998","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334211","reference_id":"1334211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334211"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823893","reference_id":"823893","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823893"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/2981-1/","reference_id":"USN-2981-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2981-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101178?format=json","purl":"pkg:deb/debian/libarchive@3.1.2-11.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.1.2-11.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-1541"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tcn-ytvt-23bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75528?format=json","vulnerability_id":"VCID-5vnj-78x4-n7bd","summary":"execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48958.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48958.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48958","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23728","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23842","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23826","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23777","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23723","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48958"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084978","reference_id":"1084978","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084978"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2148","reference_id":"2148","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T20:35:05Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2148"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317728","reference_id":"2317728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317728"},{"reference_url":"https://github.com/terrynini/CVE-Reports/tree/main/CVE-2024-48958","reference_id":"CVE-2024-48958","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T20:35:05Z/"}],"url":"https://github.com/terrynini/CVE-Reports/tree/main/CVE-2024-48958"},{"reference_url":"https://usn.ubuntu.com/7070-1/","reference_id":"USN-7070-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7070-1/"},{"reference_url":"https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5","reference_id":"v3.7.4...v3.7.5","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T20:35:05Z/"}],"url":"https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101199?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101200?format=json","purl":"pkg:deb/debian/libarchive@3.7.2-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.2-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2024-48958"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vnj-78x4-n7bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75422?format=json","vulnerability_id":"VCID-61t7-w7h4-c7hy","summary":"Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0211.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0211","reference_id":"","reference_type":"","scores":[{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.79212","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.79239","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.79244","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.79236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01196","scoring_system":"epss","scoring_elements":"0.79225","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703957","reference_id":"703957","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=902998","reference_id":"902998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=902998"},{"reference_url":"https://security.gentoo.org/glsa/201406-02","reference_id":"GLSA-201406-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-02"},{"reference_url":"https://usn.ubuntu.com/2549-1/","reference_id":"USN-2549-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2549-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101171?format=json","purl":"pkg:deb/debian/libarchive@3.0.4-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.0.4-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0211"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61t7-w7h4-c7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75534?format=json","vulnerability_id":"VCID-6fu1-u451-13bk","summary":"A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5916.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5916","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27457","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27588","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27537","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27499","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2745","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107623","reference_id":"1107623","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107623"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370872","reference_id":"2370872","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370872"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2568","reference_id":"2568","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-5916","reference_id":"CVE-2025-5916","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-5916"},{"reference_url":"https://usn.ubuntu.com/7601-1/","reference_id":"USN-7601-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7601-1/"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"},{"reference_url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0","reference_id":"v3.8.0","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/"}],"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101204?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101203?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101205?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5916"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fu1-u451-13bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75417?format=json","vulnerability_id":"VCID-6k1s-aggu-77h1","summary":"Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1778.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1778","reference_id":"","reference_type":"","scores":[{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86878","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.869","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86897","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86893","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86883","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86896","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1778"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651844","reference_id":"651844","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651844"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849","reference_id":"705849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849"},{"reference_url":"https://security.gentoo.org/glsa/201406-02","reference_id":"GLSA-201406-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1507","reference_id":"RHSA-2011:1507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1507"},{"reference_url":"https://usn.ubuntu.com/1310-1/","reference_id":"USN-1310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101170?format=json","purl":"pkg:deb/debian/libarchive@2.8.5-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@2.8.5-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1778"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6k1s-aggu-77h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75529?format=json","vulnerability_id":"VCID-8jhb-ez6b-1ug5","summary":"libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57970.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57970","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03707","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03727","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0373","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03719","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03695","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57970"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345954","reference_id":"2345954","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345954"},{"reference_url":"https://github.com/libarchive/libarchive/issues/2415","reference_id":"2415","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T14:31:27Z/"}],"url":"https://github.com/libarchive/libarchive/issues/2415"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2422","reference_id":"2422","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T14:31:27Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7510","reference_id":"RHSA-2025:7510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7510"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2024-57970"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jhb-ez6b-1ug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75468?format=json","vulnerability_id":"VCID-8mvg-64ae-37b7","summary":"The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4809.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4809","reference_id":"","reference_type":"","scores":[{"value":"0.0313","scoring_system":"epss","scoring_elements":"0.87101","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0313","scoring_system":"epss","scoring_elements":"0.87123","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0313","scoring_system":"epss","scoring_elements":"0.87112","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0313","scoring_system":"epss","scoring_elements":"0.87121","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0313","scoring_system":"epss","scoring_elements":"0.87116","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347084","reference_id":"1347084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347084"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1850","reference_id":"RHSA-2016:1850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1850"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101176?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4809"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8mvg-64ae-37b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75420?format=json","vulnerability_id":"VCID-9xwe-zk1m-kqar","summary":"Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1779.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1779","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64343","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64387","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64396","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64385","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64374","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64394","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669197","reference_id":"669197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849","reference_id":"705849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849"},{"reference_url":"https://security.gentoo.org/glsa/201406-02","reference_id":"GLSA-201406-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101169?format=json","purl":"pkg:deb/debian/libarchive@3.0.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.0.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1779"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xwe-zk1m-kqar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75465?format=json","vulnerability_id":"VCID-at9e-fmp1-efcy","summary":"Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4302.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4302","reference_id":"","reference_type":"","scores":[{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81214","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81242","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81244","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81241","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81237","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81254","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348444","reference_id":"1348444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348444"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101176?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4302"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-at9e-fmp1-efcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75408?format=json","vulnerability_id":"VCID-auj1-aw98-qqaz","summary":"The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5680","reference_id":"","reference_type":"","scores":[{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.74193","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.74226","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.7423","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.74217","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.74199","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101164?format=json","purl":"pkg:deb/debian/libarchive@1.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@1.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2006-5680"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auj1-aw98-qqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64801?format=json","vulnerability_id":"VCID-b72d-fhvw-nqb2","summary":"libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4424.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4424","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27209","published_at":"2026-06-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27338","published_at":"2026-06-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27287","published_at":"2026-06-06T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27247","published_at":"2026-06-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27199","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4424"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131446","reference_id":"1131446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131446"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449006","reference_id":"2449006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449006"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2898","reference_id":"2898","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2898"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.3::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9","reference_id":"cpe:/a:redhat:insights_proxy:1.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb","reference_id":"cpe:/a:redhat:rhel_eus:9.4::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9","reference_id":"cpe:/a:redhat:rhui:5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0","reference_id":"cpe:/o:redhat:enterprise_linux_eus:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4424","reference_id":"CVE-2026-4424","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11768","reference_id":"RHSA-2026:11768","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:11768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12071","reference_id":"RHSA-2026:12071","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13812","reference_id":"RHSA-2026:13812","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:13812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16008","reference_id":"RHSA-2026:16008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16009","reference_id":"RHSA-2026:16009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16030","reference_id":"RHSA-2026:16030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17596","reference_id":"RHSA-2026:17596","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:17596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19724","reference_id":"RHSA-2026:19724","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19725","reference_id":"RHSA-2026:19725","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20040","reference_id":"RHSA-2026:20040","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:20040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21690","reference_id":"RHSA-2026:21690","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:21690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8492","reference_id":"RHSA-2026:8492","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8510","reference_id":"RHSA-2026:8510","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8517","reference_id":"RHSA-2026:8517","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8521","reference_id":"RHSA-2026:8521","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8534","reference_id":"RHSA-2026:8534","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8864","reference_id":"RHSA-2026:8864","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8865","reference_id":"RHSA-2026:8865","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8866","reference_id":"RHSA-2026:8866","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8867","reference_id":"RHSA-2026:8867","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8873","reference_id":"RHSA-2026:8873","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8908","reference_id":"RHSA-2026:8908","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8908"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8944","reference_id":"RHSA-2026:8944","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9026","reference_id":"RHSA-2026:9026","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:9026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9592","reference_id":"RHSA-2026:9592","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:9592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9832","reference_id":"RHSA-2026:9832","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:9832"},{"reference_url":"https://usn.ubuntu.com/8292-1/","reference_id":"USN-8292-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8292-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101206?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2026-4424"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b72d-fhvw-nqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75456?format=json","vulnerability_id":"VCID-bb9k-aw7s-gqg9","summary":"The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10350.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10350.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10350","reference_id":"","reference_type":"","scores":[{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.77184","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.77216","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.77205","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.77226","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.77214","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1449530","reference_id":"1449530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1449530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609","reference_id":"861609","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609"},{"reference_url":"https://security.gentoo.org/glsa/201710-19","reference_id":"GLSA-201710-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-19"},{"reference_url":"https://usn.ubuntu.com/3736-1/","reference_id":"USN-3736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101177?format=json","purl":"pkg:deb/debian/libarchive@3.2.2-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10350"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bb9k-aw7s-gqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75476?format=json","vulnerability_id":"VCID-cny6-pqmg-kba4","summary":"Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6250.json","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6250.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6250","reference_id":"","reference_type":"","scores":[{"value":"0.02708","scoring_system":"epss","scoring_elements":"0.86179","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02708","scoring_system":"epss","scoring_elements":"0.862","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02708","scoring_system":"epss","scoring_elements":"0.86186","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02708","scoring_system":"epss","scoring_elements":"0.86203","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02708","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347085","reference_id":"1347085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347085"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3225-1/","reference_id":"USN-3225-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3225-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101176?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6250"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cny6-pqmg-kba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64042?format=json","vulnerability_id":"VCID-d7x6-bkm5-nbbb","summary":"libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5121.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5121","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17566","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1763","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20269","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5121"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133002","reference_id":"1133002","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452945","reference_id":"2452945","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452945"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2934","reference_id":"2934","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2934"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.3::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9","reference_id":"cpe:/a:redhat:insights_proxy:1.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb","reference_id":"cpe:/a:redhat:rhel_eus:9.4::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9","reference_id":"cpe:/a:redhat:rhui:5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-5121","reference_id":"CVE-2026-5121","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-5121"},{"reference_url":"https://github.com/advisories/GHSA-2vwv-vqpv-v8vc","reference_id":"GHSA-2vwv-vqpv-v8vc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://github.com/advisories/GHSA-2vwv-vqpv-v8vc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11768","reference_id":"RHSA-2026:11768","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:11768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12071","reference_id":"RHSA-2026:12071","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13812","reference_id":"RHSA-2026:13812","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:13812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16008","reference_id":"RHSA-2026:16008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16009","reference_id":"RHSA-2026:16009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16030","reference_id":"RHSA-2026:16030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17596","reference_id":"RHSA-2026:17596","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:17596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19724","reference_id":"RHSA-2026:19724","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19725","reference_id":"RHSA-2026:19725","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20040","reference_id":"RHSA-2026:20040","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:20040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21690","reference_id":"RHSA-2026:21690","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:21690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8510","reference_id":"RHSA-2026:8510","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8517","reference_id":"RHSA-2026:8517","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8521","reference_id":"RHSA-2026:8521","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8534","reference_id":"RHSA-2026:8534","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8864","reference_id":"RHSA-2026:8864","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8866","reference_id":"RHSA-2026:8866","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8867","reference_id":"RHSA-2026:8867","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8873","reference_id":"RHSA-2026:8873","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8908","reference_id":"RHSA-2026:8908","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8908"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8944","reference_id":"RHSA-2026:8944","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9026","reference_id":"RHSA-2026:9026","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:9026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9592","reference_id":"RHSA-2026:9592","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:9592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9832","reference_id":"RHSA-2026:9832","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:9832"},{"reference_url":"https://usn.ubuntu.com/8292-1/","reference_id":"USN-8292-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8292-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101206?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2026-5121"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7x6-bkm5-nbbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75505?format=json","vulnerability_id":"VCID-ddn9-csap-n7c7","summary":"A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11463.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11463","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41427","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41502","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41507","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41476","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41445","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41456","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11463"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702204","reference_id":"1702204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702204"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11463"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddn9-csap-n7c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75483?format=json","vulnerability_id":"VCID-ds4r-cxqd-33c4","summary":"libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14166.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14166","reference_id":"","reference_type":"","scores":[{"value":"0.0229","scoring_system":"epss","scoring_elements":"0.85005","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0229","scoring_system":"epss","scoring_elements":"0.85029","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0229","scoring_system":"epss","scoring_elements":"0.85018","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0229","scoring_system":"epss","scoring_elements":"0.85033","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0229","scoring_system":"epss","scoring_elements":"0.85028","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489852","reference_id":"1489852","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489852"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874539","reference_id":"874539","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874539"},{"reference_url":"https://security.gentoo.org/glsa/201908-11","reference_id":"GLSA-201908-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-11"},{"reference_url":"https://usn.ubuntu.com/3736-1/","reference_id":"USN-3736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101177?format=json","purl":"pkg:deb/debian/libarchive@3.2.2-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14166"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ds4r-cxqd-33c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75480?format=json","vulnerability_id":"VCID-eah1-4b6g-2ban","summary":"Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8687.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8687","reference_id":"","reference_type":"","scores":[{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80601","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80642","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80626","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80623","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80627","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80629","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377926","reference_id":"1377926","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377926"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840936","reference_id":"840936","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840936"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://usn.ubuntu.com/3225-1/","reference_id":"USN-3225-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3225-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101180?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-8687"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eah1-4b6g-2ban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75425?format=json","vulnerability_id":"VCID-fj5z-72gm-1yhx","summary":"Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2304.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2304","reference_id":"","reference_type":"","scores":[{"value":"0.02978","scoring_system":"epss","scoring_elements":"0.86776","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02978","scoring_system":"epss","scoring_elements":"0.86798","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02978","scoring_system":"epss","scoring_elements":"0.86796","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02978","scoring_system":"epss","scoring_elements":"0.86792","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02978","scoring_system":"epss","scoring_elements":"0.86782","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02978","scoring_system":"epss","scoring_elements":"0.86794","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2304"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1192482","reference_id":"1192482","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1192482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778266","reference_id":"778266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778266"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://usn.ubuntu.com/2549-1/","reference_id":"USN-2549-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2549-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101172?format=json","purl":"pkg:deb/debian/libarchive@3.1.2-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.1.2-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2304"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fj5z-72gm-1yhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75484?format=json","vulnerability_id":"VCID-g4hd-5kt2-wuc1","summary":"An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14501.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14501","reference_id":"","reference_type":"","scores":[{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.7019","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70235","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70224","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70212","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70233","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70241","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494460","reference_id":"1494460","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494460"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875966","reference_id":"875966","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875966"},{"reference_url":"https://security.gentoo.org/glsa/201908-11","reference_id":"GLSA-201908-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-11"},{"reference_url":"https://usn.ubuntu.com/3736-1/","reference_id":"USN-3736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101184?format=json","purl":"pkg:deb/debian/libarchive@3.2.2-4.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-4.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14501"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4hd-5kt2-wuc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75470?format=json","vulnerability_id":"VCID-g5gx-6cyn-wkda","summary":"The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5418.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5418","reference_id":"","reference_type":"","scores":[{"value":"0.03788","scoring_system":"epss","scoring_elements":"0.88316","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03788","scoring_system":"epss","scoring_elements":"0.88301","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05224","scoring_system":"epss","scoring_elements":"0.90135","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05224","scoring_system":"epss","scoring_elements":"0.90134","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05224","scoring_system":"epss","scoring_elements":"0.90132","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05224","scoring_system":"epss","scoring_elements":"0.90119","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362601","reference_id":"1362601","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362601"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714","reference_id":"837714","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1850","reference_id":"RHSA-2016:1850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1852","reference_id":"RHSA-2016:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1853","reference_id":"RHSA-2016:1853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1853"},{"reference_url":"https://usn.ubuntu.com/3225-1/","reference_id":"USN-3225-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3225-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101179?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5418"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g5gx-6cyn-wkda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6189?format=json","vulnerability_id":"VCID-gu6c-aam9-9bfs","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000877.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[{"value":"0.01775","scoring_system":"epss","scoring_elements":"0.83045","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01775","scoring_system":"epss","scoring_elements":"0.83022","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01775","scoring_system":"epss","scoring_elements":"0.83037","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01775","scoring_system":"epss","scoring_elements":"0.83049","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663887","reference_id":"1663887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663887"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916964","reference_id":"916964","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916964"},{"reference_url":"https://security.archlinux.org/ASA-201906-21","reference_id":"ASA-201906-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-21"},{"reference_url":"https://security.archlinux.org/AVG-837","reference_id":"AVG-837","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2298","reference_id":"RHSA-2019:2298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3698","reference_id":"RHSA-2019:3698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3698"},{"reference_url":"https://usn.ubuntu.com/3859-1/","reference_id":"USN-3859-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3859-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101188?format=json","purl":"pkg:deb/debian/libarchive@3.3.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2018-1000877"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gu6c-aam9-9bfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75428?format=json","vulnerability_id":"VCID-gudt-ehk8-4uf4","summary":"bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8915.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8915.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8915","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.6217","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.6216","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62162","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62113","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62158","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62143","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8915","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8915"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216891","reference_id":"1216891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784213","reference_id":"784213","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784213"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8915"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gudt-ehk8-4uf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6185?format=json","vulnerability_id":"VCID-gue4-gwmq-cud9","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000019.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1000019","reference_id":"","reference_type":"","scores":[{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.83135","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.83162","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.83156","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.8315","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.8316","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.83161","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1000019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000019"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672892","reference_id":"1672892","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672892"},{"reference_url":"https://security.archlinux.org/ASA-201906-21","reference_id":"ASA-201906-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-21"},{"reference_url":"https://security.archlinux.org/AVG-837","reference_id":"AVG-837","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2298","reference_id":"RHSA-2019:2298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3698","reference_id":"RHSA-2019:3698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3698"},{"reference_url":"https://usn.ubuntu.com/3884-1/","reference_id":"USN-3884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3884-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101189?format=json","purl":"pkg:deb/debian/libarchive@3.3.3-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2019-1000019"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gue4-gwmq-cud9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75438?format=json","vulnerability_id":"VCID-her3-2ts6-tqcy","summary":"The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8923.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8923.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8923","reference_id":"","reference_type":"","scores":[{"value":"0.02215","scoring_system":"epss","scoring_elements":"0.84781","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02215","scoring_system":"epss","scoring_elements":"0.84805","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02215","scoring_system":"epss","scoring_elements":"0.84809","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02215","scoring_system":"epss","scoring_elements":"0.84803","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02215","scoring_system":"epss","scoring_elements":"0.84792","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02215","scoring_system":"epss","scoring_elements":"0.84806","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348773","reference_id":"1348773","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348773"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8923"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-her3-2ts6-tqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75487?format=json","vulnerability_id":"VCID-hg9d-v158-mkc1","summary":"An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5601.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5601","reference_id":"","reference_type":"","scores":[{"value":"0.00982","scoring_system":"epss","scoring_elements":"0.77129","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00982","scoring_system":"epss","scoring_elements":"0.77171","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00982","scoring_system":"epss","scoring_elements":"0.77159","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00982","scoring_system":"epss","scoring_elements":"0.77149","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00982","scoring_system":"epss","scoring_elements":"0.7716","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00982","scoring_system":"epss","scoring_elements":"0.7717","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417912","reference_id":"1417912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417912"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278","reference_id":"853278","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278"},{"reference_url":"https://usn.ubuntu.com/3225-1/","reference_id":"USN-3225-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3225-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101187?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5601"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hg9d-v158-mkc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75446?format=json","vulnerability_id":"VCID-hxfa-y27q-ebbd","summary":"Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8931.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8931.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8931","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50498","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50559","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50567","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50547","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50517","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50534","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348779","reference_id":"1348779","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348779"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8931"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxfa-y27q-ebbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6187?format=json","vulnerability_id":"VCID-jpyc-ymx3-uuhh","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000879.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000879.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000879","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72163","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72203","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.7219","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72177","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72204","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72211","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000879"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000879","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000879"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663890","reference_id":"1663890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663890"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916962","reference_id":"916962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916962"},{"reference_url":"https://security.archlinux.org/ASA-201906-21","reference_id":"ASA-201906-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-21"},{"reference_url":"https://security.archlinux.org/AVG-837","reference_id":"AVG-837","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-837"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101188?format=json","purl":"pkg:deb/debian/libarchive@3.3.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2018-1000879"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpyc-ymx3-uuhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6188?format=json","vulnerability_id":"VCID-k2jw-vx9c-1bg3","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000878.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000878.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[{"value":"0.0171","scoring_system":"epss","scoring_elements":"0.82673","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0171","scoring_system":"epss","scoring_elements":"0.82703","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0171","scoring_system":"epss","scoring_elements":"0.82697","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0171","scoring_system":"epss","scoring_elements":"0.82691","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0171","scoring_system":"epss","scoring_elements":"0.82701","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0171","scoring_system":"epss","scoring_elements":"0.82699","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663889","reference_id":"1663889","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663889"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916963","reference_id":"916963","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916963"},{"reference_url":"https://security.archlinux.org/ASA-201906-21","reference_id":"ASA-201906-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-21"},{"reference_url":"https://security.archlinux.org/AVG-837","reference_id":"AVG-837","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2298","reference_id":"RHSA-2019:2298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3698","reference_id":"RHSA-2019:3698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3698"},{"reference_url":"https://usn.ubuntu.com/3859-1/","reference_id":"USN-3859-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3859-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101188?format=json","purl":"pkg:deb/debian/libarchive@3.3.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2018-1000878"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2jw-vx9c-1bg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75537?format=json","vulnerability_id":"VCID-k366-b845-abfj","summary":"A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5918.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5918.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5918","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29499","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29589","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29551","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29518","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29486","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107624","reference_id":"1107624","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370877","reference_id":"2370877","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370877"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2584","reference_id":"2584","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2584"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-5918","reference_id":"CVE-2025-5918","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-5918"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"},{"reference_url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0","reference_id":"v3.8.0","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/"}],"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101204?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101202?format=json","purl":"pkg:deb/debian/libarchive@3.8.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5918"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k366-b845-abfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75482?format=json","vulnerability_id":"VCID-kgdg-2t87-e7by","summary":"The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8689.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8689","reference_id":"","reference_type":"","scores":[{"value":"0.01118","scoring_system":"epss","scoring_elements":"0.78563","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01118","scoring_system":"epss","scoring_elements":"0.78589","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01118","scoring_system":"epss","scoring_elements":"0.78597","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01118","scoring_system":"epss","scoring_elements":"0.78588","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01118","scoring_system":"epss","scoring_elements":"0.78576","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01118","scoring_system":"epss","scoring_elements":"0.78594","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377925","reference_id":"1377925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377925"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840934","reference_id":"840934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840934"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://usn.ubuntu.com/3225-1/","reference_id":"USN-3225-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3225-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101180?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-8689"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgdg-2t87-e7by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75525?format=json","vulnerability_id":"VCID-m5a9-qdp6-zfde","summary":"execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48957.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48957","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30838","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30918","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30885","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30851","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.3082","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48957"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084978","reference_id":"1084978","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084978"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2149","reference_id":"2149","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T20:31:31Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2149"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317729","reference_id":"2317729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317729"},{"reference_url":"https://github.com/terrynini/CVE-Reports/blob/main/CVE-2024-48957/README.md","reference_id":"README.md","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T20:31:31Z/"}],"url":"https://github.com/terrynini/CVE-Reports/blob/main/CVE-2024-48957/README.md"},{"reference_url":"https://usn.ubuntu.com/7070-1/","reference_id":"USN-7070-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7070-1/"},{"reference_url":"https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5","reference_id":"v3.7.4...v3.7.5","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T20:31:31Z/"}],"url":"https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101199?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101200?format=json","purl":"pkg:deb/debian/libarchive@3.7.2-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.2-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2024-48957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5a9-qdp6-zfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75431?format=json","vulnerability_id":"VCID-mag5-4n4u-37en","summary":"bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a \"split file in multivolume RAR,\" which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8916.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8916","reference_id":"","reference_type":"","scores":[{"value":"0.00973","scoring_system":"epss","scoring_elements":"0.77011","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00973","scoring_system":"epss","scoring_elements":"0.77044","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00973","scoring_system":"epss","scoring_elements":"0.77053","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00973","scoring_system":"epss","scoring_elements":"0.77041","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00973","scoring_system":"epss","scoring_elements":"0.77031","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00973","scoring_system":"epss","scoring_elements":"0.77052","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348412","reference_id":"1348412","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348412"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8916"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mag5-4n4u-37en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75481?format=json","vulnerability_id":"VCID-mtev-kqrn-hybv","summary":"The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8688.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8688","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45439","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45508","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45491","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45466","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45479","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8688"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377923","reference_id":"1377923","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377923"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840935","reference_id":"840935","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840935"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://usn.ubuntu.com/3225-1/","reference_id":"USN-3225-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3225-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101180?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-8688"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtev-kqrn-hybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75441?format=json","vulnerability_id":"VCID-n336-t2eq-e3cs","summary":"The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8926.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8926.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8926","reference_id":"","reference_type":"","scores":[{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61598","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61646","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61653","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61642","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61626","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61644","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348424","reference_id":"1348424","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348424"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8926"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n336-t2eq-e3cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75442?format=json","vulnerability_id":"VCID-n352-9wrh-rqgc","summary":"The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8927.json","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8927","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44851","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44927","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44906","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44877","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44888","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8927"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348426","reference_id":"1348426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348426"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8927"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n352-9wrh-rqgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6186?format=json","vulnerability_id":"VCID-n56c-gd3f-1ba1","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67859","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67897","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67895","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67882","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67898","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67905","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663892","reference_id":"1663892","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663892"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916960","reference_id":"916960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916960"},{"reference_url":"https://security.archlinux.org/ASA-201906-21","reference_id":"ASA-201906-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-21"},{"reference_url":"https://security.archlinux.org/AVG-837","reference_id":"AVG-837","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-837"},{"reference_url":"https://usn.ubuntu.com/3859-1/","reference_id":"USN-3859-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3859-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101188?format=json","purl":"pkg:deb/debian/libarchive@3.3.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2018-1000880"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n56c-gd3f-1ba1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42792?format=json","vulnerability_id":"VCID-nrdr-yd3k-sybt","summary":"Out-of-bounds Read\nLibarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26280.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26280.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26280","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30874","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30941","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30909","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30875","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30843","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30862","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26280"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libarchive/libarchive/issues/1672","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libarchive/libarchive/issues/1672"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008953","reference_id":"1008953","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008953"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2071931","reference_id":"2071931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2071931"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26280","reference_id":"CVE-2022-26280","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26280"},{"reference_url":"https://security.gentoo.org/glsa/202208-26","reference_id":"GLSA-202208-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5252","reference_id":"RHSA-2022:5252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5252"},{"reference_url":"https://usn.ubuntu.com/5374-1/","reference_id":"USN-5374-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5374-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101195?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101196?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2022-26280"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrdr-yd3k-sybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75447?format=json","vulnerability_id":"VCID-ntqh-jfsf-a7hy","summary":"The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8932.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8932","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68712","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68752","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68756","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.6876","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68736","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348780","reference_id":"1348780","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348780"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1850","reference_id":"RHSA-2016:1850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1850"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8932"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntqh-jfsf-a7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75486?format=json","vulnerability_id":"VCID-pbqy-fdhh-83ea","summary":"libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14503.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14503","reference_id":"","reference_type":"","scores":[{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71583","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71578","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71596","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71602","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494449","reference_id":"1494449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875960","reference_id":"875960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875960"},{"reference_url":"https://security.gentoo.org/glsa/201908-11","reference_id":"GLSA-201908-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2298","reference_id":"RHSA-2019:2298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3698","reference_id":"RHSA-2019:3698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3698"},{"reference_url":"https://usn.ubuntu.com/3736-1/","reference_id":"USN-3736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101185?format=json","purl":"pkg:deb/debian/libarchive@3.2.2-4.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14503"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbqy-fdhh-83ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75523?format=json","vulnerability_id":"VCID-pqcw-kbdx-b7ez","summary":"Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48615.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48615","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4844","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48469","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48475","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48456","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48428","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48615"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355784","reference_id":"2355784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355784"},{"reference_url":"https://github.com/88Sanghy88/crash-test","reference_id":"crash-test","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T16:01:57Z/"}],"url":"https://github.com/88Sanghy88/crash-test"},{"reference_url":"https://github.com/libarchive/libarchive/releases/download/v3.7.6/libarchive-3.7.6.tar.gz","reference_id":"libarchive-3.7.6.tar.gz","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T16:01:57Z/"}],"url":"https://github.com/libarchive/libarchive/releases/download/v3.7.6/libarchive-3.7.6.tar.gz"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2024-48615"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqcw-kbdx-b7ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75439?format=json","vulnerability_id":"VCID-pusd-k7nk-tbfc","summary":"The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8924.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8924.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8924","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55854","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.5591","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55917","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55904","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55887","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55908","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348421","reference_id":"1348421","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348421"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8924"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pusd-k7nk-tbfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75533?format=json","vulnerability_id":"VCID-q6rz-nxwz-6ygc","summary":"A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5915.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5915.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5915","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2553","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25634","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25625","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2558","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25521","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5915"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107622","reference_id":"1107622","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107622"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370865","reference_id":"2370865","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:04:12Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370865"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2599","reference_id":"2599","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:04:12Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2599"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-5915","reference_id":"CVE-2025-5915","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:04:12Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-5915"},{"reference_url":"https://usn.ubuntu.com/7601-1/","reference_id":"USN-7601-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7601-1/"},{"reference_url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0","reference_id":"v3.8.0","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:04:12Z/"}],"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101203?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101205?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5915"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6rz-nxwz-6ygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75485?format=json","vulnerability_id":"VCID-qbww-6cd7-gyb8","summary":"read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14502.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14502","reference_id":"","reference_type":"","scores":[{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.79181","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.79193","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.79212","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.79204","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.79207","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494463","reference_id":"1494463","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875974","reference_id":"875974","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875974"},{"reference_url":"https://security.gentoo.org/glsa/201908-11","reference_id":"GLSA-201908-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-11"},{"reference_url":"https://usn.ubuntu.com/3859-1/","reference_id":"USN-3859-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3859-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101185?format=json","purl":"pkg:deb/debian/libarchive@3.2.2-4.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14502"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbww-6cd7-gyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75448?format=json","vulnerability_id":"VCID-qcu6-e115-mfh5","summary":"Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8933.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8933.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8933","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54513","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54571","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.5455","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.5458","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54572","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348781","reference_id":"1348781","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348781"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8933"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcu6-e115-mfh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64803?format=json","vulnerability_id":"VCID-qfaz-th5k-u3f3","summary":"libarchive: libarchive: Denial of Service via malformed ISO file processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4426.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4426","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40057","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40093","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40096","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40068","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4004","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4426"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131444","reference_id":"1131444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449010","reference_id":"2449010","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449010"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2897","reference_id":"2897","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2897"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4426","reference_id":"CVE-2026-4426","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8944","reference_id":"RHSA-2026:8944","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8944"},{"reference_url":"https://usn.ubuntu.com/8292-1/","reference_id":"USN-8292-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8292-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101206?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2026-4426"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qfaz-th5k-u3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75410?format=json","vulnerability_id":"VCID-rn7g-yd9m-fua2","summary":"archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3644","reference_id":"","reference_type":"","scores":[{"value":"0.13904","scoring_system":"epss","scoring_elements":"0.94445","published_at":"2026-06-04T12:55:00Z"},{"value":"0.13904","scoring_system":"epss","scoring_elements":"0.94453","published_at":"2026-06-05T12:55:00Z"},{"value":"0.13904","scoring_system":"epss","scoring_elements":"0.94455","published_at":"2026-06-06T12:55:00Z"},{"value":"0.13904","scoring_system":"epss","scoring_elements":"0.94457","published_at":"2026-06-07T12:55:00Z"},{"value":"0.13904","scoring_system":"epss","scoring_elements":"0.94458","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13904","scoring_system":"epss","scoring_elements":"0.94462","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924","reference_id":"432924","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"},{"reference_url":"https://security.gentoo.org/glsa/200708-03","reference_id":"GLSA-200708-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101168?format=json","purl":"pkg:deb/debian/libarchive@2.2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@2.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3644"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rn7g-yd9m-fua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75509?format=json","vulnerability_id":"VCID-tmbf-p5xx-nfak","summary":"An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23177.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23177","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1305","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13129","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13132","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13092","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13004","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13035","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23177"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad"},{"reference_url":"https://github.com/libarchive/libarchive/issues/1565","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libarchive/libarchive/issues/1565"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001986","reference_id":"1001986","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024245","reference_id":"2024245","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024245"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-23177","reference_id":"CVE-2021-23177","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2021-23177"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23177","reference_id":"CVE-2021-23177","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0892","reference_id":"RHSA-2022:0892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0892"},{"reference_url":"https://usn.ubuntu.com/5291-1/","reference_id":"USN-5291-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5291-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101193?format=json","purl":"pkg:deb/debian/libarchive@3.5.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.5.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2021-23177"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmbf-p5xx-nfak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75435?format=json","vulnerability_id":"VCID-vsfx-3gzq-1qhv","summary":"The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8920.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8920.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8920","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68546","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68588","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68596","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68589","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68574","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68592","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348416","reference_id":"1348416","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348416"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1850","reference_id":"RHSA-2016:1850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1850"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8920"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsfx-3gzq-1qhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75436?format=json","vulnerability_id":"VCID-wqbs-kff4-1qc3","summary":"The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8921.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8921.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8921","reference_id":"","reference_type":"","scores":[{"value":"0.04252","scoring_system":"epss","scoring_elements":"0.88994","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04252","scoring_system":"epss","scoring_elements":"0.89011","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04252","scoring_system":"epss","scoring_elements":"0.89012","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04252","scoring_system":"epss","scoring_elements":"0.89028","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348772","reference_id":"1348772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348772"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1850","reference_id":"RHSA-2016:1850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1850"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8921"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqbs-kff4-1qc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75432?format=json","vulnerability_id":"VCID-wwkh-5ser-f7hq","summary":"bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8917.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8917.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8917","reference_id":"","reference_type":"","scores":[{"value":"0.05663","scoring_system":"epss","scoring_elements":"0.90536","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05663","scoring_system":"epss","scoring_elements":"0.9055","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05663","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05663","scoring_system":"epss","scoring_elements":"0.90548","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05663","scoring_system":"epss","scoring_elements":"0.90547","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05663","scoring_system":"epss","scoring_elements":"0.90564","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348413","reference_id":"1348413","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348413"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8917"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwkh-5ser-f7hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75513?format=json","vulnerability_id":"VCID-x436-na6m-ubd9","summary":"Windows libarchive Remote Code Execution Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20696.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20696","reference_id":"","reference_type":"","scores":[{"value":"0.07709","scoring_system":"epss","scoring_elements":"0.9209","published_at":"2026-06-09T12:55:00Z"},{"value":"0.07709","scoring_system":"epss","scoring_elements":"0.92077","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07709","scoring_system":"epss","scoring_elements":"0.92075","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07709","scoring_system":"epss","scoring_elements":"0.92076","published_at":"2026-06-08T12:55:00Z"},{"value":"0.07709","scoring_system":"epss","scoring_elements":"0.9208","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086155","reference_id":"1086155","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086155"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290448","reference_id":"2290448","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290448"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696","reference_id":"CVE-2024-20696","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-10T18:52:38Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696"},{"reference_url":"https://usn.ubuntu.com/7087-1/","reference_id":"USN-7087-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7087-1/"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101195?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101197?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101198?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2024-20696"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x436-na6m-ubd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75517?format=json","vulnerability_id":"VCID-xkj9-d425-sfhr","summary":"Libarchive Remote Code Execution Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26256.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26256","reference_id":"","reference_type":"","scores":[{"value":"0.37694","scoring_system":"epss","scoring_elements":"0.97293","published_at":"2026-06-09T12:55:00Z"},{"value":"0.37694","scoring_system":"epss","scoring_elements":"0.97289","published_at":"2026-06-05T12:55:00Z"},{"value":"0.37694","scoring_system":"epss","scoring_elements":"0.97291","published_at":"2026-06-06T12:55:00Z"},{"value":"0.37694","scoring_system":"epss","scoring_elements":"0.97292","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26256"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072107","reference_id":"1072107","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2282521","reference_id":"2282521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2282521"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256","reference_id":"CVE-2024-26256","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:37:11Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256"},{"reference_url":"https://usn.ubuntu.com/6805-1/","reference_id":"USN-6805-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6805-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101174?format=json","purl":"pkg:deb/debian/libarchive@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101199?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101200?format=json","purl":"pkg:deb/debian/libarchive@3.7.2-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.2-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2024-26256"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkj9-d425-sfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75461?format=json","vulnerability_id":"VCID-xw2b-7t64-z3bm","summary":"Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4300.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4300.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4300","reference_id":"","reference_type":"","scores":[{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78425","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78453","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78461","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78451","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78439","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78457","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348439","reference_id":"1348439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348439"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101176?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4300"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw2b-7t64-z3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75440?format=json","vulnerability_id":"VCID-xybq-93sp-qker","summary":"The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8925.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8925.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8925","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66584","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66631","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66617","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66602","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66619","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348423","reference_id":"1348423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348423"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8925"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xybq-93sp-qker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75452?format=json","vulnerability_id":"VCID-y61v-j3s4-qycm","summary":"The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10209.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10209","reference_id":"","reference_type":"","scores":[{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74336","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74369","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74374","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74362","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74344","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.7437","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439703","reference_id":"1439703","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439703"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859456","reference_id":"859456","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859456"},{"reference_url":"https://usn.ubuntu.com/3736-1/","reference_id":"USN-3736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101177?format=json","purl":"pkg:deb/debian/libarchive@3.2.2-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10209"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y61v-j3s4-qycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75437?format=json","vulnerability_id":"VCID-y7z2-cxzp-6fbz","summary":"The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8922.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8922.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8922","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60045","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60092","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60095","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60083","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60066","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60084","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348419","reference_id":"1348419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348419"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8922"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7z2-cxzp-6fbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75414?format=json","vulnerability_id":"VCID-ym6e-zsyx-ryh2","summary":"Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1777.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1777","reference_id":"","reference_type":"","scores":[{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86878","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.869","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86897","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86893","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86883","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86896","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651844","reference_id":"651844","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651844"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849","reference_id":"705849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=705849"},{"reference_url":"https://security.gentoo.org/glsa/201406-02","reference_id":"GLSA-201406-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1507","reference_id":"RHSA-2011:1507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1507"},{"reference_url":"https://usn.ubuntu.com/1310-1/","reference_id":"USN-1310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101170?format=json","purl":"pkg:deb/debian/libarchive@2.8.5-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@2.8.5-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1777"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ym6e-zsyx-ryh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75444?format=json","vulnerability_id":"VCID-yn2q-9svn-vucq","summary":"Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8929.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8929.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8929","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48865","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48927","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48935","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48917","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48887","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48901","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8929"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348771","reference_id":"1348771","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348771"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101173?format=json","purl":"pkg:deb/debian/libarchive@3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8929"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn2q-9svn-vucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65108?format=json","vulnerability_id":"VCID-yr95-zhhd-sfet","summary":"libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4111.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4111","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11287","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11394","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1139","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11355","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11272","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130753","reference_id":"1130753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446453","reference_id":"2446453","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446453"},{"reference_url":"https://github.com/libarchive/libarchive/pull/2877","reference_id":"2877","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://github.com/libarchive/libarchive/pull/2877"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.3::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9","reference_id":"cpe:/a:redhat:insights_proxy:1.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb","reference_id":"cpe:/a:redhat:rhel_eus:9.4::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9","reference_id":"cpe:/a:redhat:rhui:5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0","reference_id":"cpe:/o:redhat:enterprise_linux_eus:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4111","reference_id":"CVE-2026-4111","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10081","reference_id":"RHSA-2026:10081","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10081"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16008","reference_id":"RHSA-2026:16008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16009","reference_id":"RHSA-2026:16009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17596","reference_id":"RHSA-2026:17596","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:17596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5063","reference_id":"RHSA-2026:5063","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5080","reference_id":"RHSA-2026:5080","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6647","reference_id":"RHSA-2026:6647","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7093","reference_id":"RHSA-2026:7093","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7105","reference_id":"RHSA-2026:7105","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7106","reference_id":"RHSA-2026:7106","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7239","reference_id":"RHSA-2026:7239","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7329","reference_id":"RHSA-2026:7329","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7335","reference_id":"RHSA-2026:7335","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8423","reference_id":"RHSA-2026:8423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8865","reference_id":"RHSA-2026:8865","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8944","reference_id":"RHSA-2026:8944","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9832","reference_id":"RHSA-2026:9832","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:9832"},{"reference_url":"https://usn.ubuntu.com/8147-1/","reference_id":"USN-8147-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8147-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101206?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101207?format=json","purl":"pkg:deb/debian/libarchive@3.8.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2026-4111"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr95-zhhd-sfet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75463?format=json","vulnerability_id":"VCID-ywea-zfv7-5baz","summary":"Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4301.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4301","reference_id":"","reference_type":"","scores":[{"value":"0.01847","scoring_system":"epss","scoring_elements":"0.83335","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01847","scoring_system":"epss","scoring_elements":"0.8336","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01847","scoring_system":"epss","scoring_elements":"0.83362","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01847","scoring_system":"epss","scoring_elements":"0.83358","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01847","scoring_system":"epss","scoring_elements":"0.83351","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01847","scoring_system":"epss","scoring_elements":"0.83364","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4301"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348441","reference_id":"1348441","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348441"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101176?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4301"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywea-zfv7-5baz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75453?format=json","vulnerability_id":"VCID-zd9y-zkbr-dubv","summary":"The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10349.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10349.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10349","reference_id":"","reference_type":"","scores":[{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76663","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76692","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76677","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76699","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76687","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1449528","reference_id":"1449528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1449528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609","reference_id":"861609","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609"},{"reference_url":"https://security.gentoo.org/glsa/201710-19","reference_id":"GLSA-201710-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-19"},{"reference_url":"https://usn.ubuntu.com/3736-1/","reference_id":"USN-3736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101177?format=json","purl":"pkg:deb/debian/libarchive@3.2.2-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10349"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zd9y-zkbr-dubv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75512?format=json","vulnerability_id":"VCID-zgpe-j255-5yct","summary":"In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36227.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36227","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68347","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68389","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68373","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68396","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36227"},{"reference_url":"https://bugs.gentoo.org/882521","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.gentoo.org/882521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36227"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libarchive/libarchive/issues/1754","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libarchive/libarchive/issues/1754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024669","reference_id":"1024669","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024669"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2144972","reference_id":"2144972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2144972"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36227","reference_id":"CVE-2022-36227","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36227"},{"reference_url":"https://security.gentoo.org/glsa/202309-14","reference_id":"GLSA-202309-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202309-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2532","reference_id":"RHSA-2023:2532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3018","reference_id":"RHSA-2023:3018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0146","reference_id":"RHSA-2024:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0146"},{"reference_url":"https://usn.ubuntu.com/7070-1/","reference_id":"USN-7070-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7070-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101195?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101196?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2022-36227"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgpe-j255-5yct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75473?format=json","vulnerability_id":"VCID-zydt-8bwa-37bw","summary":"Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5844.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5844","reference_id":"","reference_type":"","scores":[{"value":"0.01438","scoring_system":"epss","scoring_elements":"0.81051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01438","scoring_system":"epss","scoring_elements":"0.81079","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01438","scoring_system":"epss","scoring_elements":"0.81084","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01438","scoring_system":"epss","scoring_elements":"0.8108","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01438","scoring_system":"epss","scoring_elements":"0.81076","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01438","scoring_system":"epss","scoring_elements":"0.81094","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1350280","reference_id":"1350280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1350280"},{"reference_url":"https://security.gentoo.org/glsa/201701-03","reference_id":"GLSA-201701-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1844","reference_id":"RHSA-2016:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1850","reference_id":"RHSA-2016:1850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1850"},{"reference_url":"https://usn.ubuntu.com/3033-1/","reference_id":"USN-3033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3033-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101176?format=json","purl":"pkg:deb/debian/libarchive@3.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101165?format=json","purl":"pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101163?format=json","purl":"pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pp8-5uev-z7b4"},{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101167?format=json","purl":"pkg:deb/debian/libarchive@3.7.4-4%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uqp-6xsc-g7c1"},{"vulnerability":"VCID-evkf-vrqz-kkca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.7.4-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101166?format=json","purl":"pkg:deb/debian/libarchive@3.8.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.8.7-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5844"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zydt-8bwa-37bw"}],"risk_score":"2.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1%3Fdistro=trixie"}