Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049950?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "type": "deb", "namespace": "debian", "name": "libytnef", "version": "1.9.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.9.3-3", "latest_non_vulnerable_version": "1.9.3-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57207?format=api", "vulnerability_id": "VCID-4vcd-yfbf-2bew", "summary": "Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.84038", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83861", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83891", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83893", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83917", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83923", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83939", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83933", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.8393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83955", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83956", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83982", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.8399", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.83995", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02066", "scoring_system": "epss", "scoring_elements": "0.84016", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3404" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982596", "reference_id": "982596", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982596" }, { "reference_url": "https://security.archlinux.org/AVG-1552", "reference_id": "AVG-1552", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1552" }, { "reference_url": "https://security.gentoo.org/glsa/202405-24", "reference_id": "GLSA-202405-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054416?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3" } ], "aliases": [ "CVE-2021-3404" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vcd-yfbf-2bew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57206?format=api", "vulnerability_id": "VCID-4w5v-t22x-5khp", "summary": "Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75624", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75448", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.7545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75481", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75462", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75504", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75513", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75533", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75502", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75544", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.7555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75537", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75575", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.7558", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75584", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75595", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3403" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982594", "reference_id": "982594", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982594" }, { "reference_url": "https://security.archlinux.org/AVG-1552", "reference_id": "AVG-1552", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1552" }, { "reference_url": "https://security.gentoo.org/glsa/202405-24", "reference_id": "GLSA-202405-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054416?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3" } ], "aliases": [ "CVE-2021-3403" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w5v-t22x-5khp" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93077?format=api", "vulnerability_id": "VCID-21bd-whcr-ekgv", "summary": "In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38665", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38815", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38743", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38816", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3878", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38752", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38776", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38696", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38516", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38428", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38308", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3838", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870815", "reference_id": "870815", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870815" }, { "reference_url": "https://usn.ubuntu.com/3667-1/", "reference_id": "USN-3667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-12141" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21bd-whcr-ekgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93396?format=api", "vulnerability_id": "VCID-2zd4-eyeq-27dd", "summary": "In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45489", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45488", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45509", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45479", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4548", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45531", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45528", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45478", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45403", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45343", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45238", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45302", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9471" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870194", "reference_id": "870194", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870194" }, { "reference_url": "https://usn.ubuntu.com/3667-1/", "reference_id": "USN-3667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-9471" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zd4-eyeq-27dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93369?format=api", "vulnerability_id": "VCID-8esx-t2u5-e3hq", "summary": "The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69629", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69641", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69657", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69685", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69702", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69725", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.6971", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69727", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69778", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69786", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69792", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69765", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69809", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9146" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707", "reference_id": "862707", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707" }, { "reference_url": "https://usn.ubuntu.com/3667-1/", "reference_id": "USN-3667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-9146" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8esx-t2u5-e3hq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93399?format=api", "vulnerability_id": "VCID-efxj-4v6j-fbaa", "summary": "In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41465", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41555", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41583", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41509", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41568", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4159", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41557", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41543", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41588", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41563", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41487", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4138", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41375", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41297", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41163", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41236", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192", "reference_id": "870192", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-9474" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efxj-4v6j-fbaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93078?format=api", "vulnerability_id": "VCID-nrgn-8ky2-pyec", "summary": "In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36308", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36483", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36517", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36355", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36425", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36397", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36375", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36416", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36399", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36344", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36121", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.3609", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36004", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.35885", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.35954", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870816", "reference_id": "870816", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870816" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-12142" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrgn-8ky2-pyec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93397?format=api", "vulnerability_id": "VCID-qkuz-r9a9-vqbx", "summary": "In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41465", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41555", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41583", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41509", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41559", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41568", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4159", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41557", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41543", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41588", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41563", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41487", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4138", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41375", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41297", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41163", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41236", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9472" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870193", "reference_id": "870193", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870193" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-9472" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkuz-r9a9-vqbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93398?format=api", "vulnerability_id": "VCID-sag4-mswc-hbg5", "summary": "In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49523", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49553", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49581", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49571", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49572", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49619", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49617", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49587", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49578", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49588", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49547", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49464", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9473" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870197", "reference_id": "870197", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870197" }, { "reference_url": "https://usn.ubuntu.com/3667-1/", "reference_id": "USN-3667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-9473" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sag4-mswc-hbg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93080?format=api", "vulnerability_id": "VCID-uar8-sxnf-efhs", "summary": "In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55777", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5589", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55911", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55941", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55943", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55952", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55932", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55914", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5595", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55954", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55929", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55855", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55874", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55849", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5579", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870817", "reference_id": "870817", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870817" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-12144" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uar8-sxnf-efhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93395?format=api", "vulnerability_id": "VCID-ujwn-5uux-gygu", "summary": "In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45292", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45372", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45392", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45336", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45391", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45413", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45382", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45383", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45435", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4543", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4538", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45293", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.453", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4524", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45138", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45202", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9470" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870196", "reference_id": "870196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870196" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049950?format=api", "purl": "pkg:deb/debian/libytnef@1.9.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vcd-yfbf-2bew" }, { "vulnerability": "VCID-4w5v-t22x-5khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" } ], "aliases": [ "CVE-2017-9470" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujwn-5uux-gygu" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1" }