{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","type":"deb","namespace":"debian","name":"libmspack","version":"0.11-1.1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76524?format=json","vulnerability_id":"VCID-1g44-gkzz-ykak","summary":"Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4471","reference_id":"","reference_type":"","scores":[{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69398","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69437","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4471"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775499","reference_id":"775499","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102671?format=json","purl":"pkg:deb/debian/libmspack@0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-4471"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1g44-gkzz-ykak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4314?format=json","vulnerability_id":"VCID-4p5d-52eh-ubcn","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11423.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11423","reference_id":"","reference_type":"","scores":[{"value":"0.02813","scoring_system":"epss","scoring_elements":"0.86409","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02813","scoring_system":"epss","scoring_elements":"0.86431","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472776","reference_id":"1472776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472776"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868956","reference_id":"868956","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868956"},{"reference_url":"https://security.archlinux.org/ASA-201802-9","reference_id":"ASA-201802-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-9"},{"reference_url":"https://security.archlinux.org/ASA-201803-14","reference_id":"ASA-201803-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-14"},{"reference_url":"https://security.archlinux.org/AVG-602","reference_id":"AVG-602","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-602"},{"reference_url":"https://security.archlinux.org/AVG-603","reference_id":"AVG-603","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-603"},{"reference_url":"https://security.gentoo.org/glsa/201804-16","reference_id":"GLSA-201804-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-16"},{"reference_url":"https://usn.ubuntu.com/3394-1/","reference_id":"USN-3394-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3394-1/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102678?format=json","purl":"pkg:deb/debian/libmspack@0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2017-11423"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4p5d-52eh-ubcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76532?format=json","vulnerability_id":"VCID-5uvr-w93b-v7gh","summary":"libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010305.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010305","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45863","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010305"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730568","reference_id":"1730568","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1686","reference_id":"RHSA-2020:1686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3848","reference_id":"RHSA-2020:3848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3848"},{"reference_url":"https://usn.ubuntu.com/4066-1/","reference_id":"USN-4066-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4066-1/"},{"reference_url":"https://usn.ubuntu.com/4066-2/","reference_id":"USN-4066-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4066-2/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102688?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2019-1010305"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uvr-w93b-v7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76526?format=json","vulnerability_id":"VCID-6t2u-9bfn-1fa8","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14679.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14679.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14679","reference_id":"","reference_type":"","scores":[{"value":"0.00987","scoring_system":"epss","scoring_elements":"0.77193","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00987","scoring_system":"epss","scoring_elements":"0.77225","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610890","reference_id":"1610890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610890"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904802","reference_id":"904802","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904802"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102680?format=json","purl":"pkg:deb/debian/libmspack@0.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-14679"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t2u-9bfn-1fa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76520?format=json","vulnerability_id":"VCID-6yqm-jpwn-pkgx","summary":"The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4467","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59557","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4467"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774725","reference_id":"774725","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774725"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102672?format=json","purl":"pkg:deb/debian/libmspack@0.4-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.4-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-4467"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yqm-jpwn-pkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76527?format=json","vulnerability_id":"VCID-8dps-z16n-vygg","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14680.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14680.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14680","reference_id":"","reference_type":"","scores":[{"value":"0.02922","scoring_system":"epss","scoring_elements":"0.8666","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02922","scoring_system":"epss","scoring_elements":"0.86682","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610934","reference_id":"1610934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610934"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904801","reference_id":"904801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904801"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102680?format=json","purl":"pkg:deb/debian/libmspack@0.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-14680"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8dps-z16n-vygg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76530?format=json","vulnerability_id":"VCID-9jzc-r4s3-t7hw","summary":"chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the \"/\\0\" name).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18585.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18585","reference_id":"","reference_type":"","scores":[{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80124","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80149","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644215","reference_id":"1644215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644215"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637","reference_id":"911637","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2049","reference_id":"RHSA-2019:2049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2049"},{"reference_url":"https://usn.ubuntu.com/3814-1/","reference_id":"USN-3814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-1/"},{"reference_url":"https://usn.ubuntu.com/3814-2/","reference_id":"USN-3814-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-2/"},{"reference_url":"https://usn.ubuntu.com/3814-3/","reference_id":"USN-3814-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102685?format=json","purl":"pkg:deb/debian/libmspack@0.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-18585"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jzc-r4s3-t7hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76522?format=json","vulnerability_id":"VCID-a24d-htm3-uygm","summary":"The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4469","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59557","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4469"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774726","reference_id":"774726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774726"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102672?format=json","purl":"pkg:deb/debian/libmspack@0.4-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.4-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-4469"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a24d-htm3-uygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4313?format=json","vulnerability_id":"VCID-ana7-48xd-vfa9","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6419.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6419","reference_id":"","reference_type":"","scores":[{"value":"0.02272","scoring_system":"epss","scoring_elements":"0.84955","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02272","scoring_system":"epss","scoring_elements":"0.84979","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483909","reference_id":"1483909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483909"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871263","reference_id":"871263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871263"},{"reference_url":"https://security.archlinux.org/ASA-201802-9","reference_id":"ASA-201802-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-9"},{"reference_url":"https://security.archlinux.org/ASA-201803-14","reference_id":"ASA-201803-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-14"},{"reference_url":"https://security.archlinux.org/AVG-602","reference_id":"AVG-602","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-602"},{"reference_url":"https://security.archlinux.org/AVG-603","reference_id":"AVG-603","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-603"},{"reference_url":"https://security.gentoo.org/glsa/201804-16","reference_id":"GLSA-201804-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-16"},{"reference_url":"https://usn.ubuntu.com/3393-1/","reference_id":"USN-3393-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3393-1/"},{"reference_url":"https://usn.ubuntu.com/3393-2/","reference_id":"USN-3393-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3393-2/"},{"reference_url":"https://usn.ubuntu.com/3394-1/","reference_id":"USN-3394-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3394-1/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102678?format=json","purl":"pkg:deb/debian/libmspack@0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2017-6419"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ana7-48xd-vfa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76531?format=json","vulnerability_id":"VCID-pmnq-db1b-dydr","summary":"chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18586.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18586.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18586","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70077","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18586"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644216","reference_id":"1644216","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644216"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911639","reference_id":"911639","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911639"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102685?format=json","purl":"pkg:deb/debian/libmspack@0.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-18586"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmnq-db1b-dydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76523?format=json","vulnerability_id":"VCID-rn7n-3jct-3kgs","summary":"Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4470","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6256","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62605","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4470"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775498","reference_id":"775498","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102671?format=json","purl":"pkg:deb/debian/libmspack@0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-4470"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rn7n-3jct-3kgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76519?format=json","vulnerability_id":"VCID-sv8f-w85d-rqec","summary":"The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9732","reference_id":"","reference_type":"","scores":[{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61038","published_at":"2026-06-04T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61086","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9732"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774665","reference_id":"774665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774665"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102671?format=json","purl":"pkg:deb/debian/libmspack@0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2014-9732"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sv8f-w85d-rqec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76529?format=json","vulnerability_id":"VCID-vjq6-2zgg-ffft","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14682.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14682.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14682","reference_id":"","reference_type":"","scores":[{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89239","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610941","reference_id":"1610941","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904800","reference_id":"904800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904800"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102680?format=json","purl":"pkg:deb/debian/libmspack@0.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-14682"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjq6-2zgg-ffft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76525?format=json","vulnerability_id":"VCID-vy6d-drxz-2fed","summary":"Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4472","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58818","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58864","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4472"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775687","reference_id":"775687","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775687"},{"reference_url":"https://security.gentoo.org/glsa/201506-01","reference_id":"GLSA-201506-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201506-01"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102671?format=json","purl":"pkg:deb/debian/libmspack@0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-4472"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vy6d-drxz-2fed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76521?format=json","vulnerability_id":"VCID-y6uw-79q2-syed","summary":"Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4468","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59557","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4468"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774726","reference_id":"774726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774726"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102672?format=json","purl":"pkg:deb/debian/libmspack@0.4-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.4-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-4468"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6uw-79q2-syed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76528?format=json","vulnerability_id":"VCID-y83a-pxe4-ybgp","summary":"An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14681.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14681","reference_id":"","reference_type":"","scores":[{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89239","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610896","reference_id":"1610896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904799","reference_id":"904799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904799"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102680?format=json","purl":"pkg:deb/debian/libmspack@0.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-14681"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y83a-pxe4-ybgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61721?format=json","vulnerability_id":"VCID-yv7x-1cfs-cybe","summary":"In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18584.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18584.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18584","reference_id":"","reference_type":"","scores":[{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90701","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90714","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644214","reference_id":"1644214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644214"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640","reference_id":"911640","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2049","reference_id":"RHSA-2019:2049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2049"},{"reference_url":"https://usn.ubuntu.com/3814-1/","reference_id":"USN-3814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-1/"},{"reference_url":"https://usn.ubuntu.com/3814-2/","reference_id":"USN-3814-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-2/"},{"reference_url":"https://usn.ubuntu.com/3814-3/","reference_id":"USN-3814-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102685?format=json","purl":"pkg:deb/debian/libmspack@0.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-18584"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv7x-1cfs-cybe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61719?format=json","vulnerability_id":"VCID-zcpe-23mh-fqe1","summary":"Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9556","reference_id":"","reference_type":"","scores":[{"value":"0.01102","scoring_system":"epss","scoring_elements":"0.784","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01102","scoring_system":"epss","scoring_elements":"0.78428","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772891","reference_id":"772891","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041","reference_id":"773041","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102667?format=json","purl":"pkg:deb/debian/libmspack@0.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102668?format=json","purl":"pkg:deb/debian/libmspack@0.10.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.10.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102666?format=json","purl":"pkg:deb/debian/libmspack@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102669?format=json","purl":"pkg:deb/debian/libmspack@0.11-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}],"aliases":["CVE-2014-9556"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zcpe-23mh-fqe1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmspack@0.11-1.1%3Fdistro=trixie"}