{"url":"http://public2.vulnerablecode.io/api/packages/5018?format=json","purl":"pkg:deb/debian/file@3.24-4","type":"deb","namespace":"debian","name":"file","version":"3.24-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:5.39-3+deb11u1","latest_non_vulnerable_version":"1:5.39-3+deb11u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67898?format=json","vulnerability_id":"VCID-1s3x-b1vy-qyef","summary":"file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3538.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3538","reference_id":"","reference_type":"","scores":[{"value":"0.33041","scoring_system":"epss","scoring_elements":"0.96988","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098222","reference_id":"1098222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1327","reference_id":"RHSA-2014:1327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0760","reference_id":"RHSA-2016:0760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0760"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-3538"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1s3x-b1vy-qyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67894?format=json","vulnerability_id":"VCID-2873-ph57-vqhd","summary":"Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3478.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3478","reference_id":"","reference_type":"","scores":[{"value":"0.37602","scoring_system":"epss","scoring_elements":"0.97279","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"http://mx.gw.com/pipermail/file/2014/001553.html","reference_id":"001553.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://mx.gw.com/pipermail/file/2014/001553.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104863","reference_id":"1104863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104863"},{"reference_url":"https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08","reference_id":"27a14bc7ba285a0a5ebfdb55e54001aa11932b08","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08"},{"reference_url":"http://secunia.com/advisories/59794","reference_id":"59794","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://secunia.com/advisories/59794"},{"reference_url":"http://secunia.com/advisories/59831","reference_id":"59831","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://secunia.com/advisories/59831"},{"reference_url":"http://www.securityfocus.com/bid/68239","reference_id":"68239","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://www.securityfocus.com/bid/68239"},{"reference_url":"https://bugs.php.net/bug.php?id=67410","reference_id":"bug.php?id=67410","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"https://bugs.php.net/bug.php?id=67410"},{"reference_url":"http://www.php.net/ChangeLog-5.php","reference_id":"ChangeLog-5.php","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://www.php.net/ChangeLog-5.php"},{"reference_url":"http://www.debian.org/security/2014/dsa-2974","reference_id":"dsa-2974","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://www.debian.org/security/2014/dsa-2974"},{"reference_url":"http://www.debian.org/security/2014/dsa-3021","reference_id":"dsa-3021","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://www.debian.org/security/2014/dsa-3021"},{"reference_url":"https://support.apple.com/HT204659","reference_id":"HT204659","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"https://support.apple.com/HT204659"},{"reference_url":"http://support.apple.com/kb/HT6443","reference_id":"HT6443","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://support.apple.com/kb/HT6443"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","reference_id":"msg00046.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1327","reference_id":"RHSA-2014:1327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1327"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1327.html","reference_id":"RHSA-2014-1327.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1327.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html","reference_id":"RHSA-2014-1765.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html","reference_id":"RHSA-2014-1766.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:26:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-3478"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2873-ph57-vqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6134?format=json","vulnerability_id":"VCID-2j7b-43x6-6fh8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8907.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8907","reference_id":"","reference_type":"","scores":[{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.6759","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679138","reference_id":"1679138","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679138"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968","reference_id":"922968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968"},{"reference_url":"https://security.archlinux.org/ASA-201903-5","reference_id":"ASA-201903-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-5"},{"reference_url":"https://security.archlinux.org/AVG-907","reference_id":"AVG-907","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-907"},{"reference_url":"https://usn.ubuntu.com/3911-1/","reference_id":"USN-3911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5283?format=json","purl":"pkg:deb/debian/file@1:5.35-4%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68bn-52v7-pucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2"}],"aliases":["CVE-2019-8907"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2j7b-43x6-6fh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6137?format=json","vulnerability_id":"VCID-2wcw-hej1-1qaq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8904.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8904","reference_id":"","reference_type":"","scores":[{"value":"0.01089","scoring_system":"epss","scoring_elements":"0.78265","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8904"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679188","reference_id":"1679188","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679188"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922967","reference_id":"922967","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922967"},{"reference_url":"https://security.archlinux.org/ASA-201903-5","reference_id":"ASA-201903-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-5"},{"reference_url":"https://security.archlinux.org/AVG-907","reference_id":"AVG-907","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-907"},{"reference_url":"https://usn.ubuntu.com/3911-1/","reference_id":"USN-3911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5283?format=json","purl":"pkg:deb/debian/file@1:5.35-4%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68bn-52v7-pucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2"}],"aliases":["CVE-2019-8904"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wcw-hej1-1qaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67900?format=json","vulnerability_id":"VCID-5f4s-ce83-pkcw","summary":"The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3710.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3710","reference_id":"","reference_type":"","scores":[{"value":"0.08075","scoring_system":"epss","scoring_elements":"0.92289","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1155071","reference_id":"1155071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1155071"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768806","reference_id":"768806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768806"},{"reference_url":"https://security.gentoo.org/glsa/201503-03","reference_id":"GLSA-201503-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-03"},{"reference_url":"https://security.gentoo.org/glsa/201701-42","reference_id":"GLSA-201701-42","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1767","reference_id":"RHSA-2014:1767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1768","reference_id":"RHSA-2014:1768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0760","reference_id":"RHSA-2016:0760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0760"},{"reference_url":"https://usn.ubuntu.com/2391-1/","reference_id":"USN-2391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2391-1/"},{"reference_url":"https://usn.ubuntu.com/2494-1/","reference_id":"USN-2494-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2494-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-3710"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f4s-ce83-pkcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5989?format=json","vulnerability_id":"VCID-68bn-52v7-pucm","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18218.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18218","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3851","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765272","reference_id":"1765272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765272"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830","reference_id":"942830","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830"},{"reference_url":"https://security.archlinux.org/ASA-202001-2","reference_id":"ASA-202001-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202001-2"},{"reference_url":"https://security.archlinux.org/AVG-1083","reference_id":"AVG-1083","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1083"},{"reference_url":"https://security.gentoo.org/glsa/202003-24","reference_id":"GLSA-202003-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4374","reference_id":"RHSA-2021:4374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4374"},{"reference_url":"https://usn.ubuntu.com/4172-1/","reference_id":"USN-4172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4172-1/"},{"reference_url":"https://usn.ubuntu.com/4172-2/","reference_id":"USN-4172-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4172-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5031?format=json","purl":"pkg:deb/debian/file@1:5.30-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.30-1%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5283?format=json","purl":"pkg:deb/debian/file@1:5.35-4%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68bn-52v7-pucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5557?format=json","purl":"pkg:deb/debian/file@1:5.39-3%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1"}],"aliases":["CVE-2019-18218"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68bn-52v7-pucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67896?format=json","vulnerability_id":"VCID-84y5-7hge-vbhn","summary":"The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3480","reference_id":"","reference_type":"","scores":[{"value":"0.03336","scoring_system":"epss","scoring_elements":"0.87519","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"http://mx.gw.com/pipermail/file/2014/001553.html","reference_id":"001553.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://mx.gw.com/pipermail/file/2014/001553.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104858","reference_id":"1104858","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104858"},{"reference_url":"https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382","reference_id":"40bade80cbe2af1d0b2cd0420cebd5d5905a2382","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382"},{"reference_url":"http://secunia.com/advisories/59794","reference_id":"59794","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://secunia.com/advisories/59794"},{"reference_url":"http://secunia.com/advisories/59831","reference_id":"59831","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://secunia.com/advisories/59831"},{"reference_url":"http://www.securityfocus.com/bid/68238","reference_id":"68238","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.securityfocus.com/bid/68238"},{"reference_url":"https://bugs.php.net/bug.php?id=67412","reference_id":"bug.php?id=67412","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"https://bugs.php.net/bug.php?id=67412"},{"reference_url":"http://www.php.net/ChangeLog-5.php","reference_id":"ChangeLog-5.php","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.php.net/ChangeLog-5.php"},{"reference_url":"http://www.debian.org/security/2014/dsa-2974","reference_id":"dsa-2974","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.debian.org/security/2014/dsa-2974"},{"reference_url":"http://www.debian.org/security/2014/dsa-3021","reference_id":"dsa-3021","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.debian.org/security/2014/dsa-3021"},{"reference_url":"https://support.apple.com/HT204659","reference_id":"HT204659","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"https://support.apple.com/HT204659"},{"reference_url":"http://support.apple.com/kb/HT6443","reference_id":"HT6443","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://support.apple.com/kb/HT6443"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","reference_id":"msg00046.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html","reference_id":"RHSA-2014-1765.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html","reference_id":"RHSA-2014-1766.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-3480"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84y5-7hge-vbhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67906?format=json","vulnerability_id":"VCID-85yn-4pxf-akht","summary":"readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9653.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9653","reference_id":"","reference_type":"","scores":[{"value":"0.06827","scoring_system":"epss","scoring_elements":"0.91499","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190116","reference_id":"1190116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190116"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777585","reference_id":"777585","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777585"},{"reference_url":"https://security.gentoo.org/glsa/201701-42","reference_id":"GLSA-201701-42","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0760","reference_id":"RHSA-2016:0760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0760"},{"reference_url":"https://usn.ubuntu.com/3686-1/","reference_id":"USN-3686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-9653"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85yn-4pxf-akht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67895?format=json","vulnerability_id":"VCID-avrk-szvf-13av","summary":"The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3479","reference_id":"","reference_type":"","scores":[{"value":"0.05923","scoring_system":"epss","scoring_elements":"0.90782","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104869","reference_id":"1104869","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-3479"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avrk-szvf-13av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67903?format=json","vulnerability_id":"VCID-cfsm-er88-1uc2","summary":"The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9620.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9620.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9620","reference_id":"","reference_type":"","scores":[{"value":"0.072","scoring_system":"epss","scoring_elements":"0.91743","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1180639","reference_id":"1180639","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1180639"},{"reference_url":"https://security.gentoo.org/glsa/201503-08","reference_id":"GLSA-201503-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0760","reference_id":"RHSA-2016:0760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0760"},{"reference_url":"https://usn.ubuntu.com/3686-1/","reference_id":"USN-3686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-9620"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfsm-er88-1uc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67892?format=json","vulnerability_id":"VCID-cuyy-h7c4-bkdj","summary":"Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1943.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1943.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1943","reference_id":"","reference_type":"","scores":[{"value":"0.24895","scoring_system":"epss","scoring_elements":"0.96262","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065836","reference_id":"1065836","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065836"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738832","reference_id":"738832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738832"},{"reference_url":"https://security.gentoo.org/glsa/201403-03","reference_id":"GLSA-201403-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201403-03"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://usn.ubuntu.com/2123-1/","reference_id":"USN-2123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2123-1/"},{"reference_url":"https://usn.ubuntu.com/2126-1/","reference_id":"USN-2126-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2126-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-1943"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuyy-h7c4-bkdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67902?format=json","vulnerability_id":"VCID-fmz4-96xm-ebd6","summary":"softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8117.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8117.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8117","reference_id":"","reference_type":"","scores":[{"value":"0.16453","scoring_system":"epss","scoring_elements":"0.95007","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174606","reference_id":"1174606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174606"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148","reference_id":"773148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148"},{"reference_url":"https://security.gentoo.org/glsa/201412-48","reference_id":"GLSA-201412-48","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0760","reference_id":"RHSA-2016:0760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0760"},{"reference_url":"https://usn.ubuntu.com/2494-1/","reference_id":"USN-2494-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2494-1/"},{"reference_url":"https://usn.ubuntu.com/2535-1/","reference_id":"USN-2535-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2535-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-8117"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmz4-96xm-ebd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67905?format=json","vulnerability_id":"VCID-gc82-p6sr-c7ew","summary":"The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9652.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9652","reference_id":"","reference_type":"","scores":[{"value":"0.06907","scoring_system":"epss","scoring_elements":"0.91551","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188599","reference_id":"1188599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188599"},{"reference_url":"https://security.gentoo.org/glsa/201701-42","reference_id":"GLSA-201701-42","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2501-1/","reference_id":"USN-2501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2501-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-9652"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gc82-p6sr-c7ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67897?format=json","vulnerability_id":"VCID-k6m7-rzf9-a3hy","summary":"The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3487","reference_id":"","reference_type":"","scores":[{"value":"0.14502","scoring_system":"epss","scoring_elements":"0.94576","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1107544","reference_id":"1107544","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1107544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-3487"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6m7-rzf9-a3hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67893?format=json","vulnerability_id":"VCID-kuga-71fb-c7gu","summary":"softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2270.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2270","reference_id":"","reference_type":"","scores":[{"value":"0.30772","scoring_system":"epss","scoring_elements":"0.9682","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072220","reference_id":"1072220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072220"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://security.gentoo.org/glsa/201503-08","reference_id":"GLSA-201503-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://usn.ubuntu.com/2162-1/","reference_id":"USN-2162-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2162-1/"},{"reference_url":"https://usn.ubuntu.com/2163-1/","reference_id":"USN-2163-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2163-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-2270"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuga-71fb-c7gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67890?format=json","vulnerability_id":"VCID-mwnw-synf-fbc1","summary":"The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0237","reference_id":"","reference_type":"","scores":[{"value":"0.2611","scoring_system":"epss","scoring_elements":"0.96387","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098193","reference_id":"1098193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098193"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2254-1/","reference_id":"USN-2254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2254-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-0237"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwnw-synf-fbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67901?format=json","vulnerability_id":"VCID-n8fm-snfw-w3br","summary":"The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8116.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8116","reference_id":"","reference_type":"","scores":[{"value":"0.15876","scoring_system":"epss","scoring_elements":"0.94872","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1171580","reference_id":"1171580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1171580"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148","reference_id":"773148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0760","reference_id":"RHSA-2016:0760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0760"},{"reference_url":"https://usn.ubuntu.com/2494-1/","reference_id":"USN-2494-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2494-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-8116"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8fm-snfw-w3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6135?format=json","vulnerability_id":"VCID-qdn9-f94n-83dz","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8906.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8906","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26774","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679175","reference_id":"1679175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679175"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922969","reference_id":"922969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922969"},{"reference_url":"https://security.archlinux.org/ASA-201903-5","reference_id":"ASA-201903-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-5"},{"reference_url":"https://security.archlinux.org/AVG-907","reference_id":"AVG-907","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-907"},{"reference_url":"https://usn.ubuntu.com/3911-1/","reference_id":"USN-3911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5283?format=json","purl":"pkg:deb/debian/file@1:5.35-4%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68bn-52v7-pucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2"}],"aliases":["CVE-2019-8906"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdn9-f94n-83dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67899?format=json","vulnerability_id":"VCID-qqgd-zrvc-2uaf","summary":"Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3587.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3587","reference_id":"","reference_type":"","scores":[{"value":"0.30214","scoring_system":"epss","scoring_elements":"0.96769","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128587","reference_id":"1128587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1326","reference_id":"RHSA-2014:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1327","reference_id":"RHSA-2014:1327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0760","reference_id":"RHSA-2016:0760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0760"},{"reference_url":"https://usn.ubuntu.com/2344-1/","reference_id":"USN-2344-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2344-1/"},{"reference_url":"https://usn.ubuntu.com/2369-1/","reference_id":"USN-2369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-3587"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqgd-zrvc-2uaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67887?format=json","vulnerability_id":"VCID-scd1-g67x-3ybp","summary":"The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7345","reference_id":"","reference_type":"","scores":[{"value":"0.01128","scoring_system":"epss","scoring_elements":"0.7864","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1079846","reference_id":"1079846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1079846"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993","reference_id":"703993","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"},{"reference_url":"https://security.gentoo.org/glsa/201408-08","reference_id":"GLSA-201408-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-08"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2013-7345"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scd1-g67x-3ybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6136?format=json","vulnerability_id":"VCID-tuqp-1bxj-y7bz","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8905.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8905","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2952","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679181","reference_id":"1679181","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679181"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968","reference_id":"922968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968"},{"reference_url":"https://security.archlinux.org/ASA-201903-5","reference_id":"ASA-201903-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-5"},{"reference_url":"https://security.archlinux.org/AVG-907","reference_id":"AVG-907","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-907"},{"reference_url":"https://usn.ubuntu.com/3911-1/","reference_id":"USN-3911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5283?format=json","purl":"pkg:deb/debian/file@1:5.35-4%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68bn-52v7-pucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.35-4%252Bdeb10u2"}],"aliases":["CVE-2019-8905"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqp-1bxj-y7bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67910?format=json","vulnerability_id":"VCID-xtck-bmnz-qkfs","summary":"An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000249.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000249.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000249","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33558","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000249"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000249","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488053","reference_id":"1488053","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488053"},{"reference_url":"https://security.gentoo.org/glsa/201710-02","reference_id":"GLSA-201710-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-02"},{"reference_url":"https://usn.ubuntu.com/3412-1/","reference_id":"USN-3412-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3412-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5031?format=json","purl":"pkg:deb/debian/file@1:5.30-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.30-1%252Bdeb9u3"}],"aliases":["CVE-2017-1000249"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xtck-bmnz-qkfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67891?format=json","vulnerability_id":"VCID-xvxf-js9u-yyff","summary":"The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0238","reference_id":"","reference_type":"","scores":[{"value":"0.24474","scoring_system":"epss","scoring_elements":"0.96216","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098155","reference_id":"1098155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098155"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2254-1/","reference_id":"USN-2254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2254-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-0238"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvxf-js9u-yyff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67888?format=json","vulnerability_id":"VCID-zqdy-kvwk-3ubd","summary":"The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0207","reference_id":"","reference_type":"","scores":[{"value":"0.09377","scoring_system":"epss","scoring_elements":"0.92932","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"http://mx.gw.com/pipermail/file/2014/001553.html","reference_id":"001553.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://mx.gw.com/pipermail/file/2014/001553.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091842","reference_id":"1091842","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091842"},{"reference_url":"http://secunia.com/advisories/59794","reference_id":"59794","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://secunia.com/advisories/59794"},{"reference_url":"http://secunia.com/advisories/59831","reference_id":"59831","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://secunia.com/advisories/59831"},{"reference_url":"http://www.securityfocus.com/bid/68243","reference_id":"68243","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.securityfocus.com/bid/68243"},{"reference_url":"https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391","reference_id":"6d209c1c489457397a5763bca4b28e43aac90391","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391"},{"reference_url":"https://bugs.php.net/bug.php?id=67326","reference_id":"bug.php?id=67326","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://bugs.php.net/bug.php?id=67326"},{"reference_url":"http://www.php.net/ChangeLog-5.php","reference_id":"ChangeLog-5.php","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.php.net/ChangeLog-5.php"},{"reference_url":"http://www.debian.org/security/2014/dsa-2974","reference_id":"dsa-2974","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.debian.org/security/2014/dsa-2974"},{"reference_url":"http://www.debian.org/security/2014/dsa-3021","reference_id":"dsa-3021","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.debian.org/security/2014/dsa-3021"},{"reference_url":"https://support.apple.com/HT204659","reference_id":"HT204659","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://support.apple.com/HT204659"},{"reference_url":"http://support.apple.com/kb/HT6443","reference_id":"HT6443","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://support.apple.com/kb/HT6443"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","reference_id":"msg00046.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html","reference_id":"RHSA-2014-1765.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html","reference_id":"RHSA-2014-1766.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5027?format=json","purl":"pkg:deb/debian/file@5.11-2%2Bdeb7u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7b-43x6-6fh8"},{"vulnerability":"VCID-2wcw-hej1-1qaq"},{"vulnerability":"VCID-68bn-52v7-pucm"},{"vulnerability":"VCID-qdn9-f94n-83dz"},{"vulnerability":"VCID-tuqp-1bxj-y7bz"},{"vulnerability":"VCID-xtck-bmnz-qkfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@5.11-2%252Bdeb7u8"}],"aliases":["CVE-2014-0207"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqdy-kvwk-3ubd"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@3.24-4"}