{"url":"http://public2.vulnerablecode.io/api/packages/192151?format=json","purl":"pkg:ebuild/dev-libs/libxml2@2.9.1-r1","type":"ebuild","namespace":"dev-libs","name":"libxml2","version":"2.9.1-r1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.9.1-r4","latest_non_vulnerable_version":"2.12.5","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37535?format=json","vulnerability_id":"VCID-1jrf-qst5-gyam","summary":"Use After Free\nMultiple use-after-free vulnerabilities in libxml2 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1969","reference_id":"","reference_type":"","scores":[{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76767","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76799","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1969"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=953722","reference_id":"953722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=953722"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1969","reference_id":"CVE-2013-1969","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1969"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://usn.ubuntu.com/1817-1/","reference_id":"USN-1817-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1817-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192151?format=json","purl":"pkg:ebuild/dev-libs/libxml2@2.9.1-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1"}],"aliases":["CVE-2013-1969"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jrf-qst5-gyam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37549?format=json","vulnerability_id":"VCID-43m9-cg6h-nuet","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nparser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2877.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2877","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70629","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70671","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2879","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2879"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2880"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715531","reference_id":"715531","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715531"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=983204","reference_id":"983204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=983204"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2877","reference_id":"CVE-2013-2877","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2877"},{"reference_url":"https://security.gentoo.org/glsa/201309-16","reference_id":"GLSA-201309-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-16"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0513","reference_id":"RHSA-2014:0513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0513"},{"reference_url":"https://usn.ubuntu.com/1904-1/","reference_id":"USN-1904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192151?format=json","purl":"pkg:ebuild/dev-libs/libxml2@2.9.1-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1"}],"aliases":["CVE-2013-2877"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43m9-cg6h-nuet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37470?format=json","vulnerability_id":"VCID-7qqd-ze42-ayab","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5134.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5134.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5134","reference_id":"","reference_type":"","scores":[{"value":"0.02065","scoring_system":"epss","scoring_elements":"0.84241","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02065","scoring_system":"epss","scoring_elements":"0.84264","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5134"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694521","reference_id":"694521","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694521"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=880466","reference_id":"880466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=880466"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5134","reference_id":"CVE-2012-5134","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5134"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1512","reference_id":"RHSA-2012:1512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0217","reference_id":"RHSA-2013:0217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0217"},{"reference_url":"https://usn.ubuntu.com/1656-1/","reference_id":"USN-1656-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1656-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192151?format=json","purl":"pkg:ebuild/dev-libs/libxml2@2.9.1-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1"}],"aliases":["CVE-2012-5134"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qqd-ze42-ayab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37457?format=json","vulnerability_id":"VCID-d39h-k44d-8kgx","summary":"Uncontrolled Resource Consumption\nlibxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2871","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74106","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7414","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422","reference_id":"689422","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=852935","reference_id":"852935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=852935"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2871","reference_id":"CVE-2012-2871","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2871"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1265","reference_id":"RHSA-2012:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1265"},{"reference_url":"https://usn.ubuntu.com/1595-1/","reference_id":"USN-1595-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1595-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192151?format=json","purl":"pkg:ebuild/dev-libs/libxml2@2.9.1-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1"}],"aliases":["CVE-2012-2871"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d39h-k44d-8kgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64950?format=json","vulnerability_id":"VCID-j7jf-zzvz-skgm","summary":"The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.","references":[{"reference_url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"},{"reference_url":"http://bugs.python.org/issue17239","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.python.org/issue17239"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1664","reference_id":"","reference_type":"","scores":[{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88562","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88545","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1664"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1100282","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1100282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40"},{"reference_url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1664","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1664"},{"reference_url":"http://ubuntu.com/usn/usn-1757-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1757-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948","reference_id":"700948","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949","reference_id":"700949","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950","reference_id":"700950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=913808","reference_id":"913808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=913808"},{"reference_url":"https://github.com/advisories/GHSA-qrh7-x6fp-c2mp","reference_id":"GHSA-qrh7-x6fp-c2mp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qrh7-x6fp-c2mp"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0596","reference_id":"RHSA-2013:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0657","reference_id":"RHSA-2013:0657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0658","reference_id":"RHSA-2013:0658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0670","reference_id":"RHSA-2013:0670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0670"},{"reference_url":"https://usn.ubuntu.com/1730-1/","reference_id":"USN-1730-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1730-1/"},{"reference_url":"https://usn.ubuntu.com/1731-1/","reference_id":"USN-1731-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1731-1/"},{"reference_url":"https://usn.ubuntu.com/1734-1/","reference_id":"USN-1734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1734-1/"},{"reference_url":"https://usn.ubuntu.com/1757-1/","reference_id":"USN-1757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1757-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192151?format=json","purl":"pkg:ebuild/dev-libs/libxml2@2.9.1-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1"}],"aliases":["CVE-2013-1664","GHSA-qrh7-x6fp-c2mp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jf-zzvz-skgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37536?format=json","vulnerability_id":"VCID-kmvz-pynk-p7fn","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nlibxml2 allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0338.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0338.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0338","reference_id":"","reference_type":"","scores":[{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71818","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260","reference_id":"702260","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=912400","reference_id":"912400","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=912400"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0338","reference_id":"CVE-2013-0338","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0338"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0581","reference_id":"RHSA-2013:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0581"},{"reference_url":"https://usn.ubuntu.com/1782-1/","reference_id":"USN-1782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192151?format=json","purl":"pkg:ebuild/dev-libs/libxml2@2.9.1-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1"}],"aliases":["CVE-2013-0338"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmvz-pynk-p7fn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1"}