{"url":"http://public2.vulnerablecode.io/api/packages/306901?format=json","purl":"pkg:apk/alpine/libass@0.13.4-r0?arch=armv7&distroversion=v3.14&reponame=community","type":"apk","namespace":"alpine","name":"libass","version":"0.13.4-r0","qualifiers":{"arch":"armv7","distroversion":"v3.14","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/231272?format=json","vulnerability_id":"VCID-113w-1s4z-sub7","summary":"Multiple vulnerabilities have been found in libass, the worst of\n    which have unknown impacts.","references":[{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201702-25","reference_id":"GLSA-201702-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/306901?format=json","purl":"pkg:apk/alpine/libass@0.13.4-r0?arch=armv7&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=armv7&distroversion=v3.14&reponame=community"}],"aliases":["CVE-2016-7971"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-113w-1s4z-sub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75543?format=json","vulnerability_id":"VCID-2gu4-rpb5-bfgy","summary":"The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7972","reference_id":"","reference_type":"","scores":[{"value":"0.02449","scoring_system":"epss","scoring_elements":"0.85475","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02449","scoring_system":"epss","scoring_elements":"0.85499","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02449","scoring_system":"epss","scoring_elements":"0.85504","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02449","scoring_system":"epss","scoring_elements":"0.855","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02449","scoring_system":"epss","scoring_elements":"0.85485","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7972"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201702-25","reference_id":"GLSA-201702-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-25"},{"reference_url":"https://usn.ubuntu.com/USN-4797-1/","reference_id":"USN-USN-4797-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4797-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/306901?format=json","purl":"pkg:apk/alpine/libass@0.13.4-r0?arch=armv7&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=armv7&distroversion=v3.14&reponame=community"}],"aliases":["CVE-2016-7972"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gu4-rpb5-bfgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75541?format=json","vulnerability_id":"VCID-jy8n-97mf-rqas","summary":"The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to \"0/3 line wrapping equalization.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7969","reference_id":"","reference_type":"","scores":[{"value":"0.03981","scoring_system":"epss","scoring_elements":"0.8861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03981","scoring_system":"epss","scoring_elements":"0.88627","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03981","scoring_system":"epss","scoring_elements":"0.88629","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03981","scoring_system":"epss","scoring_elements":"0.88628","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03981","scoring_system":"epss","scoring_elements":"0.88644","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7969"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201702-25","reference_id":"GLSA-201702-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-25"},{"reference_url":"https://usn.ubuntu.com/USN-4797-1/","reference_id":"USN-USN-4797-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4797-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/306901?format=json","purl":"pkg:apk/alpine/libass@0.13.4-r0?arch=armv7&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=armv7&distroversion=v3.14&reponame=community"}],"aliases":["CVE-2016-7969"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jy8n-97mf-rqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75542?format=json","vulnerability_id":"VCID-uvw8-62fa-qfh5","summary":"Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7970","reference_id":"","reference_type":"","scores":[{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80089","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80095","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80085","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80059","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80083","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80075","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7970"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201702-25","reference_id":"GLSA-201702-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-25"},{"reference_url":"https://usn.ubuntu.com/USN-4797-1/","reference_id":"USN-USN-4797-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4797-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/306901?format=json","purl":"pkg:apk/alpine/libass@0.13.4-r0?arch=armv7&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=armv7&distroversion=v3.14&reponame=community"}],"aliases":["CVE-2016-7970"],"risk_score":0.7,"exploitability":"0.5","weighted_severity":"1.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvw8-62fa-qfh5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=armv7&distroversion=v3.14&reponame=community"}