{"url":"http://public2.vulnerablecode.io/api/packages/375600?format=json","purl":"pkg:apk/alpine/radare2@3.9.0-r0?arch=ppc64le&distroversion=v3.16&reponame=community","type":"apk","namespace":"alpine","name":"radare2","version":"3.9.0-r0","qualifiers":{"arch":"ppc64le","distroversion":"v3.16","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.5.0-r0","latest_non_vulnerable_version":"4.5.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99737?format=json","vulnerability_id":"VCID-hc94-w17q-8qde","summary":"In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12802","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.5501","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55067","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55075","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55066","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55049","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55069","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510","reference_id":"930510","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375600?format=json","purl":"pkg:apk/alpine/radare2@3.9.0-r0?arch=ppc64le&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@3.9.0-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2019-12802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hc94-w17q-8qde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99740?format=json","vulnerability_id":"VCID-qvzx-rwr6-skhn","summary":"In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14745","reference_id":"","reference_type":"","scores":[{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89524","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89523","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89522","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.8954","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204","reference_id":"934204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375600?format=json","purl":"pkg:apk/alpine/radare2@3.9.0-r0?arch=ppc64le&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@3.9.0-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2019-14745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvzx-rwr6-skhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99736?format=json","vulnerability_id":"VCID-w7qv-mcd3-dyb9","summary":"In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12790","reference_id":"","reference_type":"","scores":[{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63635","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63677","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63684","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63676","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63665","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12790"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344","reference_id":"930344","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375600?format=json","purl":"pkg:apk/alpine/radare2@3.9.0-r0?arch=ppc64le&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@3.9.0-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2019-12790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7qv-mcd3-dyb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99738?format=json","vulnerability_id":"VCID-x6k2-ck4s-puhy","summary":"radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12829","reference_id":"","reference_type":"","scores":[{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.6967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.6971","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.69718","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.69708","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.69696","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590","reference_id":"930590","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375600?format=json","purl":"pkg:apk/alpine/radare2@3.9.0-r0?arch=ppc64le&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@3.9.0-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2019-12829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6k2-ck4s-puhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99739?format=json","vulnerability_id":"VCID-y9hs-4bc5-mfgu","summary":"In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12865","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3949","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39495","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39466","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39436","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39451","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704","reference_id":"930704","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375600?format=json","purl":"pkg:apk/alpine/radare2@3.9.0-r0?arch=ppc64le&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@3.9.0-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2019-12865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9hs-4bc5-mfgu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@3.9.0-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"}