{"url":"http://public2.vulnerablecode.io/api/packages/420362?format=json","purl":"pkg:apk/alpine/virglrenderer@0.8.1-r0?arch=aarch64&distroversion=v3.21&reponame=community","type":"apk","namespace":"alpine","name":"virglrenderer","version":"0.8.1-r0","qualifiers":{"arch":"aarch64","distroversion":"v3.21","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.10.3-r0","latest_non_vulnerable_version":"0.10.3-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103629?format=json","vulnerability_id":"VCID-3kgk-475a-gkan","summary":"A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18388.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18388","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28976","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29046","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29012","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28977","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28944","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28954","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18388"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18388"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765578","reference_id":"1765578","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765578"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420362?format=json","purl":"pkg:apk/alpine/virglrenderer@0.8.1-r0?arch=aarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/virglrenderer@0.8.1-r0%3Farch=aarch64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2019-18388"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kgk-475a-gkan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103631?format=json","vulnerability_id":"VCID-4dgf-fgpq-nygm","summary":"An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18390.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18390","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28082","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28153","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28105","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28067","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28024","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28028","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18390"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765584","reference_id":"1765584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765584"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420362?format=json","purl":"pkg:apk/alpine/virglrenderer@0.8.1-r0?arch=aarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/virglrenderer@0.8.1-r0%3Farch=aarch64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2019-18390"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dgf-fgpq-nygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103630?format=json","vulnerability_id":"VCID-k5fm-sq22-3fe3","summary":"A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18389.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18389","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50248","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50309","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50317","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50299","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5027","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50289","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18389"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765577","reference_id":"1765577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765577"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942","reference_id":"946942","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420362?format=json","purl":"pkg:apk/alpine/virglrenderer@0.8.1-r0?arch=aarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/virglrenderer@0.8.1-r0%3Farch=aarch64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2019-18389"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5fm-sq22-3fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103632?format=json","vulnerability_id":"VCID-x4he-dzpb-jqgg","summary":"A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18391.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18391","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29981","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30052","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30015","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29986","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29958","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29971","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18391"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765589","reference_id":"1765589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942","reference_id":"946942","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420362?format=json","purl":"pkg:apk/alpine/virglrenderer@0.8.1-r0?arch=aarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/virglrenderer@0.8.1-r0%3Farch=aarch64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2019-18391"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4he-dzpb-jqgg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/virglrenderer@0.8.1-r0%3Farch=aarch64&distroversion=v3.21&reponame=community"}