{"url":"http://public2.vulnerablecode.io/api/packages/188657?format=json","purl":"pkg:alpm/archlinux/elfutils@0.175-1","type":"alpm","namespace":"archlinux","name":"elfutils","version":"0.175-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66517?format=json","vulnerability_id":"VCID-7az6-1gng-6qe7","summary":"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18520.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18520","reference_id":"","reference_type":"","scores":[{"value":"0.00889","scoring_system":"epss","scoring_elements":"0.75905","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00889","scoring_system":"epss","scoring_elements":"0.75892","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00889","scoring_system":"epss","scoring_elements":"0.75887","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00889","scoring_system":"epss","scoring_elements":"0.75913","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646477","reference_id":"1646477","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646477"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911414","reference_id":"911414","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911414"},{"reference_url":"https://security.archlinux.org/ASA-201901-3","reference_id":"ASA-201901-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-3"},{"reference_url":"https://security.archlinux.org/AVG-785","reference_id":"AVG-785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188657?format=json","purl":"pkg:alpm/archlinux/elfutils@0.175-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/elfutils@0.175-1"}],"aliases":["CVE-2018-18520"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7az6-1gng-6qe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66518?format=json","vulnerability_id":"VCID-pt99-fknz-8yb1","summary":"Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18521.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18521.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18521","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28053","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.27994","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28074","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28037","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28123","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646482","reference_id":"1646482","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911413","reference_id":"911413","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911413"},{"reference_url":"https://security.archlinux.org/ASA-201901-3","reference_id":"ASA-201901-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-3"},{"reference_url":"https://security.archlinux.org/AVG-785","reference_id":"AVG-785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188657?format=json","purl":"pkg:alpm/archlinux/elfutils@0.175-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/elfutils@0.175-1"}],"aliases":["CVE-2018-18521"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt99-fknz-8yb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66516?format=json","vulnerability_id":"VCID-v6r9-9zqj-c7h1","summary":"An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18310.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18310","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26024","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2602","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26122","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26077","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26128","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642604","reference_id":"1642604","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642604"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911083","reference_id":"911083","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911083"},{"reference_url":"https://security.archlinux.org/ASA-201901-3","reference_id":"ASA-201901-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-3"},{"reference_url":"https://security.archlinux.org/AVG-785","reference_id":"AVG-785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188657?format=json","purl":"pkg:alpm/archlinux/elfutils@0.175-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/elfutils@0.175-1"}],"aliases":["CVE-2018-18310"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6r9-9zqj-c7h1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/elfutils@0.175-1"}