{"url":"http://public2.vulnerablecode.io/api/packages/37260?format=json","purl":"pkg:deb/debian/dillo@3.0.5-7?distro=trixie","type":"deb","namespace":"debian","name":"dillo","version":"3.0.5-7","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.0.5-7.1","latest_non_vulnerable_version":"3.0.5-7.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179879?format=json","vulnerability_id":"VCID-1j35-e7bp-cqcw","summary":"An integer overflow in the PNG handling of Dillo might result in the remote\n    execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2294.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2294.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2294","reference_id":"","reference_type":"","scores":[{"value":"0.01904","scoring_system":"epss","scoring_elements":"0.83651","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=509921","reference_id":"509921","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=509921"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535788","reference_id":"535788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535788"},{"reference_url":"https://security.gentoo.org/glsa/200908-10","reference_id":"GLSA-200908-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200908-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37266?format=json","purl":"pkg:deb/debian/dillo@3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37260?format=json","purl":"pkg:deb/debian/dillo@3.0.5-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0.5-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37264?format=json","purl":"pkg:deb/debian/dillo@3.0.5-7.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0.5-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37263?format=json","purl":"pkg:deb/debian/dillo@3.0.5-7.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0.5-7.2%3Fdistro=trixie"}],"aliases":["CVE-2009-2294"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1j35-e7bp-cqcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199927?format=json","vulnerability_id":"VCID-kp5m-qkws-8qhe","summary":"Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0012","reference_id":"","reference_type":"","scores":[{"value":"0.02695","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0012"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37262?format=json","purl":"pkg:deb/debian/dillo@0.8.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@0.8.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37260?format=json","purl":"pkg:deb/debian/dillo@3.0.5-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0.5-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37264?format=json","purl":"pkg:deb/debian/dillo@3.0.5-7.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0.5-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37263?format=json","purl":"pkg:deb/debian/dillo@3.0.5-7.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0.5-7.2%3Fdistro=trixie"}],"aliases":["CVE-2005-0012"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kp5m-qkws-8qhe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dillo@3.0.5-7%3Fdistro=trixie"}