{"url":"http://public2.vulnerablecode.io/api/packages/1053586?format=json","purl":"pkg:deb/debian/texlive-bin@2018.20181218.49446-1","type":"deb","namespace":"debian","name":"texlive-bin","version":"2018.20181218.49446-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59405?format=json","vulnerability_id":"VCID-3gpv-93qp-bfhn","summary":"A vulnerability in Kpathsea allows remote attackers to execute\n    arbitrary commands by manipulating the -tex option from mpost program.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10243.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10243.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10243","reference_id":"","reference_type":"","scores":[{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92969","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92999","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.93017","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.93023","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.93018","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.93022","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.93039","published_at":"2026-05-07T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92978","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92982","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92981","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92989","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92997","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.92998","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.93008","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09885","scoring_system":"epss","scoring_elements":"0.9301","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1059","scoring_system":"epss","scoring_elements":"0.93335","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10243"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"},{"reference_url":"https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/","reference_id":"","reference_type":"","scores":[],"url":"https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"},{"reference_url":"https://www.tug.org/svn/texlive?view=revision&revision=42605","reference_id":"","reference_type":"","scores":[],"url":"https://www.tug.org/svn/texlive?view=revision&revision=42605"},{"reference_url":"http://www.debian.org/security/2017/dsa-3803","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3803"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/03/05/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/03/05/1"},{"reference_url":"http://www.securityfocus.com/bid/96593","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96593"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429452","reference_id":"1429452","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429452"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10243","reference_id":"CVE-2016-10243","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10243"},{"reference_url":"https://security.gentoo.org/glsa/201709-07","reference_id":"GLSA-201709-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-07"},{"reference_url":"https://usn.ubuntu.com/3401-1/","reference_id":"USN-3401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3401-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1053587?format=json","purl":"pkg:deb/debian/texlive-bin@2020.20200327.54578-7%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47dt-fhqh-pkag"},{"vulnerability":"VCID-bqqh-5311-w7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2020.20200327.54578-7%252Bdeb11u1"}],"aliases":["CVE-2016-10243"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpv-93qp-bfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95537?format=json","vulnerability_id":"VCID-47dt-fhqh-pkag","summary":"LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32668","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17825","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17887","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17924","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17811","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17776","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1763","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17722","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18111","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17864","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17951","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18011","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17983","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17933","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17876","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32668"},{"reference_url":"https://tug.org/pipermail/tex-live/2023-May/049188.html","reference_id":"049188.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/"}],"url":"https://tug.org/pipermail/tex-live/2023-May/049188.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036470","reference_id":"1036470","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036470"},{"reference_url":"https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0","reference_id":"1.17.0","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/"}],"url":"https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"},{"reference_url":"https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3","reference_id":"ChangeLog#L1-L3","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/"}],"url":"https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3"},{"reference_url":"https://tug.org/~mseven/luatex.html#luasocket","reference_id":"luatex.html#luasocket","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:40:54Z/"}],"url":"https://tug.org/~mseven/luatex.html#luasocket"},{"reference_url":"https://usn.ubuntu.com/6695-1/","reference_id":"USN-6695-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6695-1/"},{"reference_url":"https://usn.ubuntu.com/7985-1/","reference_id":"USN-7985-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7985-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994443?format=json","purl":"pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%2Bdeb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15kj-emtf-vbag"},{"vulnerability":"VCID-22hs-pt9p-fbdn"},{"vulnerability":"VCID-24vd-syhs-gbhc"},{"vulnerability":"VCID-261q-t1h8-bufj"},{"vulnerability":"VCID-2pzz-h5vd-wyah"},{"vulnerability":"VCID-2unr-76q5-y7aw"},{"vulnerability":"VCID-3a9d-3kme-73d2"},{"vulnerability":"VCID-3v18-r2f3-1qdv"},{"vulnerability":"VCID-4cy9-447q-mbf3"},{"vulnerability":"VCID-4f2u-sskp-zkhu"},{"vulnerability":"VCID-4ses-k1k7-9ycz"},{"vulnerability":"VCID-4z3j-9yy6-u3eb"},{"vulnerability":"VCID-5p9e-n6p5-mudd"},{"vulnerability":"VCID-6fwt-gfj6-j7av"},{"vulnerability":"VCID-72m2-st3u-uyfm"},{"vulnerability":"VCID-76vf-yebs-mkg8"},{"vulnerability":"VCID-7x9j-31fq-hkg2"},{"vulnerability":"VCID-86bc-apbh-sbbn"},{"vulnerability":"VCID-88vn-jepe-33c1"},{"vulnerability":"VCID-8qwb-455y-bbcp"},{"vulnerability":"VCID-8xnh-5jb4-uygz"},{"vulnerability":"VCID-911d-pbx5-4qge"},{"vulnerability":"VCID-97ds-z5dk-6kbu"},{"vulnerability":"VCID-9e9z-hm4a-37ab"},{"vulnerability":"VCID-9mn1-e4dm-nfhd"},{"vulnerability":"VCID-a6an-r3tj-93ge"},{"vulnerability":"VCID-ast7-b75m-7uh3"},{"vulnerability":"VCID-bdbb-4kgq-y7ad"},{"vulnerability":"VCID-bdke-da3n-37hw"},{"vulnerability":"VCID-bw8n-jvsd-bqe9"},{"vulnerability":"VCID-d4tp-mmgz-6udh"},{"vulnerability":"VCID-dcjs-7eyq-a7gn"},{"vulnerability":"VCID-e8ev-axf6-dbc3"},{"vulnerability":"VCID-ecbh-vzp4-x7dr"},{"vulnerability":"VCID-eeet-mw7y-rudx"},{"vulnerability":"VCID-euy5-4h8q-hyb3"},{"vulnerability":"VCID-fbkh-5sb9-auc5"},{"vulnerability":"VCID-fkft-abbt-6ydx"},{"vulnerability":"VCID-fymb-bvn2-p7ej"},{"vulnerability":"VCID-fz4x-mcwe-aqgf"},{"vulnerability":"VCID-gh4u-68x5-27db"},{"vulnerability":"VCID-gsk7-273v-qfdz"},{"vulnerability":"VCID-h73f-kd2u-5yg3"},{"vulnerability":"VCID-hd3g-vc2p-4fhf"},{"vulnerability":"VCID-hqv6-gney-2fgw"},{"vulnerability":"VCID-hx8f-h823-kkhr"},{"vulnerability":"VCID-jahu-d9d6-jbbt"},{"vulnerability":"VCID-jxh3-k3es-bqah"},{"vulnerability":"VCID-k5ue-ga1d-q7gv"},{"vulnerability":"VCID-knp7-hye9-a3gv"},{"vulnerability":"VCID-m7rd-mh53-bycu"},{"vulnerability":"VCID-mm9w-wmdz-qye4"},{"vulnerability":"VCID-msch-wzj9-h7ga"},{"vulnerability":"VCID-n68j-881x-3uhp"},{"vulnerability":"VCID-nckm-umvv-3qcn"},{"vulnerability":"VCID-nk95-xdjm-vyfq"},{"vulnerability":"VCID-nucx-up6e-ayb8"},{"vulnerability":"VCID-nvrx-x1qs-vkdb"},{"vulnerability":"VCID-p973-cuza-tuhp"},{"vulnerability":"VCID-q4qv-tq4j-3uh2"},{"vulnerability":"VCID-qdek-hd55-hbe2"},{"vulnerability":"VCID-qjxs-qf6j-zycc"},{"vulnerability":"VCID-rrqw-zrh2-33dn"},{"vulnerability":"VCID-rype-ss6b-aude"},{"vulnerability":"VCID-su1a-e49q-pffw"},{"vulnerability":"VCID-t8bs-vvts-47ag"},{"vulnerability":"VCID-tqm6-8w98-q3dr"},{"vulnerability":"VCID-tz15-rmx4-pkdq"},{"vulnerability":"VCID-u9ur-b18b-gfhr"},{"vulnerability":"VCID-utve-4z7c-tkhk"},{"vulnerability":"VCID-v7pb-brn7-v7ah"},{"vulnerability":"VCID-v9pk-ecc9-yqbm"},{"vulnerability":"VCID-vfty-pe45-pya4"},{"vulnerability":"VCID-vk2y-ftzh-sqgh"},{"vulnerability":"VCID-whjt-pvqp-jycr"},{"vulnerability":"VCID-whmq-gsw4-sbgg"},{"vulnerability":"VCID-wngf-qn2d-ykef"},{"vulnerability":"VCID-ws93-jgn7-83c8"},{"vulnerability":"VCID-xfy6-snb8-63av"},{"vulnerability":"VCID-xrgb-9dwh-mubm"},{"vulnerability":"VCID-xxn1-2trx-myhs"},{"vulnerability":"VCID-xzdx-45tg-w7ft"},{"vulnerability":"VCID-y2pg-cgqs-s3gb"},{"vulnerability":"VCID-y4qh-ek9n-cyc1"},{"vulnerability":"VCID-ys96-uhkv-2qgv"},{"vulnerability":"VCID-zbsq-dfju-mkf5"},{"vulnerability":"VCID-zqjn-srqb-kfcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%252Bdeb12u2"}],"aliases":["CVE-2023-32668"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47dt-fhqh-pkag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78403?format=json","vulnerability_id":"VCID-9kvx-465q-fkam","summary":"texlive: arbitrary code execution allows document complied with older version","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32700.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32700.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32700","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4807","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48117","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48062","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.47982","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48047","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62277","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62214","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62296","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62316","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62309","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62264","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62244","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.6221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.6226","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32700"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://tug.org/pipermail/tex-live/2023-May/049188.html","reference_id":"049188.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/"}],"url":"https://tug.org/pipermail/tex-live/2023-May/049188.html"},{"reference_url":"https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0","reference_id":"1.17.0","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/"}],"url":"https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208943","reference_id":"2208943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208943"},{"reference_url":"https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984","reference_id":"build-svn66984","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/"}],"url":"https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984"},{"reference_url":"https://tug.org/~mseven/luatex.html","reference_id":"luatex.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/"}],"url":"https://tug.org/~mseven/luatex.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3661","reference_id":"RHSA-2023:3661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3661"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/","reference_id":"RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/","reference_id":"TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:11:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/"},{"reference_url":"https://usn.ubuntu.com/6115-1/","reference_id":"USN-6115-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6115-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1053587?format=json","purl":"pkg:deb/debian/texlive-bin@2020.20200327.54578-7%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47dt-fhqh-pkag"},{"vulnerability":"VCID-bqqh-5311-w7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2020.20200327.54578-7%252Bdeb11u1"}],"aliases":["CVE-2023-32700"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvx-465q-fkam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95988?format=json","vulnerability_id":"VCID-bqqh-5311-w7ca","summary":"texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25262","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34506","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34521","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34484","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34578","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34605","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34516","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34545","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34548","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55528","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55557","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55471","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56178","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56132","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56202","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25262"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25262","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25262"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064517","reference_id":"1064517","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064517"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912","reference_id":"2047912","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T18:34:50Z/"}],"url":"https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912"},{"reference_url":"https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co","reference_id":"ChangeLog?revision=69605&view=co","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T18:34:50Z/"}],"url":"https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co"},{"reference_url":"https://usn.ubuntu.com/6695-1/","reference_id":"USN-6695-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6695-1/"},{"reference_url":"https://usn.ubuntu.com/7985-1/","reference_id":"USN-7985-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7985-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994443?format=json","purl":"pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%2Bdeb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15kj-emtf-vbag"},{"vulnerability":"VCID-22hs-pt9p-fbdn"},{"vulnerability":"VCID-24vd-syhs-gbhc"},{"vulnerability":"VCID-261q-t1h8-bufj"},{"vulnerability":"VCID-2pzz-h5vd-wyah"},{"vulnerability":"VCID-2unr-76q5-y7aw"},{"vulnerability":"VCID-3a9d-3kme-73d2"},{"vulnerability":"VCID-3v18-r2f3-1qdv"},{"vulnerability":"VCID-4cy9-447q-mbf3"},{"vulnerability":"VCID-4f2u-sskp-zkhu"},{"vulnerability":"VCID-4ses-k1k7-9ycz"},{"vulnerability":"VCID-4z3j-9yy6-u3eb"},{"vulnerability":"VCID-5p9e-n6p5-mudd"},{"vulnerability":"VCID-6fwt-gfj6-j7av"},{"vulnerability":"VCID-72m2-st3u-uyfm"},{"vulnerability":"VCID-76vf-yebs-mkg8"},{"vulnerability":"VCID-7x9j-31fq-hkg2"},{"vulnerability":"VCID-86bc-apbh-sbbn"},{"vulnerability":"VCID-88vn-jepe-33c1"},{"vulnerability":"VCID-8qwb-455y-bbcp"},{"vulnerability":"VCID-8xnh-5jb4-uygz"},{"vulnerability":"VCID-911d-pbx5-4qge"},{"vulnerability":"VCID-97ds-z5dk-6kbu"},{"vulnerability":"VCID-9e9z-hm4a-37ab"},{"vulnerability":"VCID-9mn1-e4dm-nfhd"},{"vulnerability":"VCID-a6an-r3tj-93ge"},{"vulnerability":"VCID-ast7-b75m-7uh3"},{"vulnerability":"VCID-bdbb-4kgq-y7ad"},{"vulnerability":"VCID-bdke-da3n-37hw"},{"vulnerability":"VCID-bw8n-jvsd-bqe9"},{"vulnerability":"VCID-d4tp-mmgz-6udh"},{"vulnerability":"VCID-dcjs-7eyq-a7gn"},{"vulnerability":"VCID-e8ev-axf6-dbc3"},{"vulnerability":"VCID-ecbh-vzp4-x7dr"},{"vulnerability":"VCID-eeet-mw7y-rudx"},{"vulnerability":"VCID-euy5-4h8q-hyb3"},{"vulnerability":"VCID-fbkh-5sb9-auc5"},{"vulnerability":"VCID-fkft-abbt-6ydx"},{"vulnerability":"VCID-fymb-bvn2-p7ej"},{"vulnerability":"VCID-fz4x-mcwe-aqgf"},{"vulnerability":"VCID-gh4u-68x5-27db"},{"vulnerability":"VCID-gsk7-273v-qfdz"},{"vulnerability":"VCID-h73f-kd2u-5yg3"},{"vulnerability":"VCID-hd3g-vc2p-4fhf"},{"vulnerability":"VCID-hqv6-gney-2fgw"},{"vulnerability":"VCID-hx8f-h823-kkhr"},{"vulnerability":"VCID-jahu-d9d6-jbbt"},{"vulnerability":"VCID-jxh3-k3es-bqah"},{"vulnerability":"VCID-k5ue-ga1d-q7gv"},{"vulnerability":"VCID-knp7-hye9-a3gv"},{"vulnerability":"VCID-m7rd-mh53-bycu"},{"vulnerability":"VCID-mm9w-wmdz-qye4"},{"vulnerability":"VCID-msch-wzj9-h7ga"},{"vulnerability":"VCID-n68j-881x-3uhp"},{"vulnerability":"VCID-nckm-umvv-3qcn"},{"vulnerability":"VCID-nk95-xdjm-vyfq"},{"vulnerability":"VCID-nucx-up6e-ayb8"},{"vulnerability":"VCID-nvrx-x1qs-vkdb"},{"vulnerability":"VCID-p973-cuza-tuhp"},{"vulnerability":"VCID-q4qv-tq4j-3uh2"},{"vulnerability":"VCID-qdek-hd55-hbe2"},{"vulnerability":"VCID-qjxs-qf6j-zycc"},{"vulnerability":"VCID-rrqw-zrh2-33dn"},{"vulnerability":"VCID-rype-ss6b-aude"},{"vulnerability":"VCID-su1a-e49q-pffw"},{"vulnerability":"VCID-t8bs-vvts-47ag"},{"vulnerability":"VCID-tqm6-8w98-q3dr"},{"vulnerability":"VCID-tz15-rmx4-pkdq"},{"vulnerability":"VCID-u9ur-b18b-gfhr"},{"vulnerability":"VCID-utve-4z7c-tkhk"},{"vulnerability":"VCID-v7pb-brn7-v7ah"},{"vulnerability":"VCID-v9pk-ecc9-yqbm"},{"vulnerability":"VCID-vfty-pe45-pya4"},{"vulnerability":"VCID-vk2y-ftzh-sqgh"},{"vulnerability":"VCID-whjt-pvqp-jycr"},{"vulnerability":"VCID-whmq-gsw4-sbgg"},{"vulnerability":"VCID-wngf-qn2d-ykef"},{"vulnerability":"VCID-ws93-jgn7-83c8"},{"vulnerability":"VCID-xfy6-snb8-63av"},{"vulnerability":"VCID-xrgb-9dwh-mubm"},{"vulnerability":"VCID-xxn1-2trx-myhs"},{"vulnerability":"VCID-xzdx-45tg-w7ft"},{"vulnerability":"VCID-y2pg-cgqs-s3gb"},{"vulnerability":"VCID-y4qh-ek9n-cyc1"},{"vulnerability":"VCID-ys96-uhkv-2qgv"},{"vulnerability":"VCID-zbsq-dfju-mkf5"},{"vulnerability":"VCID-zqjn-srqb-kfcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2022.20220321.62855-5.1%252Bdeb12u2"}],"aliases":["CVE-2024-25262"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqqh-5311-w7ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94089?format=json","vulnerability_id":"VCID-tju2-c87e-5kcx","summary":"In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18604","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41653","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41637","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41851","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41916","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41871","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41922","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41933","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41921","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41908","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41958","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4193","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41859","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41797","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41789","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41708","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41567","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18604"},{"reference_url":"https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axodraw2_project:axodraw2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:axodraw2_project:axodraw2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axodraw2_project:axodraw2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axohelp.c_project:axohelp.c:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:axohelp.c_project:axohelp.c:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:axohelp.c_project:axohelp.c:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18604","reference_id":"CVE-2019-18604","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18604"},{"reference_url":"https://usn.ubuntu.com/6695-1/","reference_id":"USN-6695-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6695-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1053587?format=json","purl":"pkg:deb/debian/texlive-bin@2020.20200327.54578-7%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47dt-fhqh-pkag"},{"vulnerability":"VCID-bqqh-5311-w7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2020.20200327.54578-7%252Bdeb11u1"}],"aliases":["CVE-2019-18604"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tju2-c87e-5kcx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74711?format=json","vulnerability_id":"VCID-z8b6-9u9h-gkcp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17407.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17407","reference_id":"","reference_type":"","scores":[{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.8009","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80275","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80259","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80105","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80134","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.8016","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80144","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80198","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80208","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80223","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17407"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632802","reference_id":"1632802","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909317","reference_id":"909317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909317"},{"reference_url":"https://security.archlinux.org/ASA-201812-4","reference_id":"ASA-201812-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-4"},{"reference_url":"https://security.archlinux.org/AVG-770","reference_id":"AVG-770","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1036","reference_id":"RHSA-2020:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1036"},{"reference_url":"https://usn.ubuntu.com/3788-1/","reference_id":"USN-3788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3788-1/"},{"reference_url":"https://usn.ubuntu.com/3788-2/","reference_id":"USN-3788-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3788-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037649?format=json","purl":"pkg:deb/debian/texlive-bin@2016.20160513.41080.dfsg-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3gpv-93qp-bfhn"},{"vulnerability":"VCID-47dt-fhqh-pkag"},{"vulnerability":"VCID-9kvx-465q-fkam"},{"vulnerability":"VCID-bqqh-5311-w7ca"},{"vulnerability":"VCID-tju2-c87e-5kcx"},{"vulnerability":"VCID-z8b6-9u9h-gkcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2016.20160513.41080.dfsg-2%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1053586?format=json","purl":"pkg:deb/debian/texlive-bin@2018.20181218.49446-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3gpv-93qp-bfhn"},{"vulnerability":"VCID-47dt-fhqh-pkag"},{"vulnerability":"VCID-9kvx-465q-fkam"},{"vulnerability":"VCID-bqqh-5311-w7ca"},{"vulnerability":"VCID-tju2-c87e-5kcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2018.20181218.49446-1"}],"aliases":["CVE-2018-17407"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8b6-9u9h-gkcp"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/texlive-bin@2018.20181218.49446-1"}