Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/515727?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/515727?format=api", "purl": "pkg:deb/debian/libextractor@0.5.20c-1", "type": "deb", "namespace": "debian", "name": "libextractor", "version": "0.5.20c-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:1.11-2", "latest_non_vulnerable_version": "1:1.11-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76017?format=api", "vulnerability_id": "VCID-6bqc-un4n-nke9", "summary": "In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58708", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58754", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.5876", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58752", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58737", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15266", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15266" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878314", "reference_id": "878314", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878314" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15266" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bqc-un4n-nke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76020?format=api", "vulnerability_id": "VCID-7t2c-2xj8-67h6", "summary": "In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63024", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63068", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63076", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63066", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63053", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63071", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15601" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15601" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7t2c-2xj8-67h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61290?format=api", "vulnerability_id": "VCID-crrp-38db-67ez", "summary": "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3736.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30649", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30722", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30689", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30656", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30624", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30641", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=537941", "reference_id": "537941", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=537941" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559797", "reference_id": "559797", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559797" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559801", "reference_id": "559801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559801" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559806", "reference_id": "559806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559809", "reference_id": "559809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559809" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559811", "reference_id": "559811", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559811" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814", "reference_id": "559814", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559815", "reference_id": "559815", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559815" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559816", "reference_id": "559816", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559816" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559819", "reference_id": "559819", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559819" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559822", "reference_id": "559822", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559822" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559824", "reference_id": "559824", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559824" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559825", "reference_id": "559825", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559825" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559826", "reference_id": "559826", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559826" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559829", "reference_id": "559829", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559829" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559831", "reference_id": "559831", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559831" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559832", "reference_id": "559832", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559832" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559833", "reference_id": "559833", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559833" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559834", "reference_id": "559834", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559834" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559835", "reference_id": "559835", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559835" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559836", "reference_id": "559836", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559836" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559837", "reference_id": "559837", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559837" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559840", "reference_id": "559840", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559840" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559844", "reference_id": "559844", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559844" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559845", "reference_id": "559845", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559845" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702436", "reference_id": "702436", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702436" }, { "reference_url": "https://security.gentoo.org/glsa/201311-10", "reference_id": "GLSA-201311-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-10" }, { "reference_url": "https://security.gentoo.org/glsa/201412-08", "reference_id": "GLSA-201412-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1646", "reference_id": "RHSA-2009:1646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0039", "reference_id": "RHSA-2010:0039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0039" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515728?format=api", "purl": "pkg:deb/debian/libextractor@1:0.5.23%2Bdfsg-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bqc-un4n-nke9" }, { "vulnerability": "VCID-7t2c-2xj8-67h6" }, { "vulnerability": "VCID-cszh-vnya-aue1" }, { "vulnerability": "VCID-e7d8-z99q-jkem" }, { "vulnerability": "VCID-evt3-ts2m-qqba" }, { "vulnerability": "VCID-hdqp-eegr-fbem" }, { "vulnerability": "VCID-hjun-jyuh-mffc" }, { "vulnerability": "VCID-k239-68wu-1bgp" }, { "vulnerability": "VCID-sqaa-y9vd-2qb3" }, { "vulnerability": "VCID-vejq-m5jb-3yhv" }, { "vulnerability": "VCID-x8vx-wm5e-dfhn" }, { "vulnerability": "VCID-y4xg-2byu-7kcu" }, { "vulnerability": "VCID-ze5d-xgap-3bgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:0.5.23%252Bdfsg-7" } ], "aliases": [ "CVE-2009-3736" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-crrp-38db-67ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76033?format=api", "vulnerability_id": "VCID-cszh-vnya-aue1", "summary": "GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.68826", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.68865", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.68873", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.68866", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.6885", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.68869", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904905", "reference_id": "904905", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904905" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515732?format=api", "purl": "pkg:deb/debian/libextractor@1:1.3-4%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bqc-un4n-nke9" }, { "vulnerability": "VCID-7t2c-2xj8-67h6" }, { "vulnerability": "VCID-cszh-vnya-aue1" }, { "vulnerability": "VCID-e7d8-z99q-jkem" }, { "vulnerability": "VCID-evt3-ts2m-qqba" }, { "vulnerability": "VCID-hdqp-eegr-fbem" }, { "vulnerability": "VCID-hjun-jyuh-mffc" }, { "vulnerability": "VCID-k239-68wu-1bgp" }, { "vulnerability": "VCID-sqaa-y9vd-2qb3" }, { "vulnerability": "VCID-vejq-m5jb-3yhv" }, { "vulnerability": "VCID-x8vx-wm5e-dfhn" }, { "vulnerability": "VCID-y4xg-2byu-7kcu" }, { "vulnerability": "VCID-ze5d-xgap-3bgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.3-4%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14347" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cszh-vnya-aue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76027?format=api", "vulnerability_id": "VCID-e7d8-z99q-jkem", "summary": "GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67643", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67595", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67636", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67632", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67634", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67617", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17440" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17440", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17440" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883528", "reference_id": "883528", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883528" }, { "reference_url": "https://security.archlinux.org/ASA-201807-16", "reference_id": "ASA-201807-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-16" }, { "reference_url": "https://security.archlinux.org/AVG-541", "reference_id": "AVG-541", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-541" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2017-17440" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7d8-z99q-jkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76030?format=api", "vulnerability_id": "VCID-evt3-ts2m-qqba", "summary": "GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.66159", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.6621", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.6622", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.66203", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.6619", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.66209", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904903", "reference_id": "904903", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904903" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515732?format=api", "purl": "pkg:deb/debian/libextractor@1:1.3-4%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bqc-un4n-nke9" }, { "vulnerability": "VCID-7t2c-2xj8-67h6" }, { "vulnerability": "VCID-cszh-vnya-aue1" }, { "vulnerability": "VCID-e7d8-z99q-jkem" }, { "vulnerability": "VCID-evt3-ts2m-qqba" }, { "vulnerability": "VCID-hdqp-eegr-fbem" }, { "vulnerability": "VCID-hjun-jyuh-mffc" }, { "vulnerability": "VCID-k239-68wu-1bgp" }, { "vulnerability": "VCID-sqaa-y9vd-2qb3" }, { "vulnerability": "VCID-vejq-m5jb-3yhv" }, { "vulnerability": "VCID-x8vx-wm5e-dfhn" }, { "vulnerability": "VCID-y4xg-2byu-7kcu" }, { "vulnerability": "VCID-ze5d-xgap-3bgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.3-4%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14346" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evt3-ts2m-qqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76019?format=api", "vulnerability_id": "VCID-hdqp-eegr-fbem", "summary": "In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01659", "scoring_system": "epss", "scoring_elements": "0.82394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01659", "scoring_system": "epss", "scoring_elements": "0.82421", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01659", "scoring_system": "epss", "scoring_elements": "0.8242", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01659", "scoring_system": "epss", "scoring_elements": "0.82419", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01659", "scoring_system": "epss", "scoring_elements": "0.82412", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01659", "scoring_system": "epss", "scoring_elements": "0.82426", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15600" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15600" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdqp-eegr-fbem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76038?format=api", "vulnerability_id": "VCID-hjun-jyuh-mffc", "summary": "GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01085", "scoring_system": "epss", "scoring_elements": "0.78235", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01085", "scoring_system": "epss", "scoring_elements": "0.78253", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78436", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78463", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78471", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78461", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15531" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935553", "reference_id": "935553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/519170?format=api", "purl": "pkg:deb/debian/libextractor@1:1.11-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.11-2" } ], "aliases": [ "CVE-2019-15531" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjun-jyuh-mffc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76024?format=api", "vulnerability_id": "VCID-k239-68wu-1bgp", "summary": "In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39022", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39018", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38978", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38994", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38967", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15922" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880016", "reference_id": "880016", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880016" }, { "reference_url": "https://security.archlinux.org/ASA-201711-16", "reference_id": "ASA-201711-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-16" }, { "reference_url": "https://security.archlinux.org/AVG-471", "reference_id": "AVG-471", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-471" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15922" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k239-68wu-1bgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76037?format=api", "vulnerability_id": "VCID-sqaa-y9vd-2qb3", "summary": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20431", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69048", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69087", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69097", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69091", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69075", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69095", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20431" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917213", "reference_id": "917213", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917213" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515732?format=api", "purl": "pkg:deb/debian/libextractor@1:1.3-4%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bqc-un4n-nke9" }, { "vulnerability": "VCID-7t2c-2xj8-67h6" }, { "vulnerability": "VCID-cszh-vnya-aue1" }, { "vulnerability": "VCID-e7d8-z99q-jkem" }, { "vulnerability": "VCID-evt3-ts2m-qqba" }, { "vulnerability": "VCID-hdqp-eegr-fbem" }, { "vulnerability": "VCID-hjun-jyuh-mffc" }, { "vulnerability": "VCID-k239-68wu-1bgp" }, { "vulnerability": "VCID-sqaa-y9vd-2qb3" }, { "vulnerability": "VCID-vejq-m5jb-3yhv" }, { "vulnerability": "VCID-x8vx-wm5e-dfhn" }, { "vulnerability": "VCID-y4xg-2byu-7kcu" }, { "vulnerability": "VCID-ze5d-xgap-3bgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.3-4%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2018-20431" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqaa-y9vd-2qb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76021?format=api", "vulnerability_id": "VCID-vejq-m5jb-3yhv", "summary": "In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61519", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61567", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61574", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61563", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61547", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61566", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15602" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15602" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vejq-m5jb-3yhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76018?format=api", "vulnerability_id": "VCID-x8vx-wm5e-dfhn", "summary": "In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71498", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71542", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71548", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71524", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71508", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71531", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15267" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878314", "reference_id": "878314", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878314" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15267" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8vx-wm5e-dfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76036?format=api", "vulnerability_id": "VCID-y4xg-2byu-7kcu", "summary": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68975", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69015", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69024", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69017", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69001", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69021", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917214", "reference_id": "917214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917214" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515732?format=api", "purl": "pkg:deb/debian/libextractor@1:1.3-4%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bqc-un4n-nke9" }, { "vulnerability": "VCID-7t2c-2xj8-67h6" }, { "vulnerability": "VCID-cszh-vnya-aue1" }, { "vulnerability": "VCID-e7d8-z99q-jkem" }, { "vulnerability": "VCID-evt3-ts2m-qqba" }, { "vulnerability": "VCID-hdqp-eegr-fbem" }, { "vulnerability": "VCID-hjun-jyuh-mffc" }, { "vulnerability": "VCID-k239-68wu-1bgp" }, { "vulnerability": "VCID-sqaa-y9vd-2qb3" }, { "vulnerability": "VCID-vejq-m5jb-3yhv" }, { "vulnerability": "VCID-x8vx-wm5e-dfhn" }, { "vulnerability": "VCID-y4xg-2byu-7kcu" }, { "vulnerability": "VCID-ze5d-xgap-3bgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.3-4%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2018-20430" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4xg-2byu-7kcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76035?format=api", "vulnerability_id": "VCID-ze5d-xgap-3bgk", "summary": "GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80486", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80512", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80514", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80511", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80506", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80527", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907987", "reference_id": "907987", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907987" }, { "reference_url": "https://usn.ubuntu.com/4641-1/", "reference_id": "USN-4641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/515732?format=api", "purl": "pkg:deb/debian/libextractor@1:1.3-4%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bqc-un4n-nke9" }, { "vulnerability": "VCID-7t2c-2xj8-67h6" }, { "vulnerability": "VCID-cszh-vnya-aue1" }, { "vulnerability": "VCID-e7d8-z99q-jkem" }, { "vulnerability": "VCID-evt3-ts2m-qqba" }, { "vulnerability": "VCID-hdqp-eegr-fbem" }, { "vulnerability": "VCID-hjun-jyuh-mffc" }, { "vulnerability": "VCID-k239-68wu-1bgp" }, { "vulnerability": "VCID-sqaa-y9vd-2qb3" }, { "vulnerability": "VCID-vejq-m5jb-3yhv" }, { "vulnerability": "VCID-x8vx-wm5e-dfhn" }, { "vulnerability": "VCID-y4xg-2byu-7kcu" }, { "vulnerability": "VCID-ze5d-xgap-3bgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.3-4%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/517823?format=api", "purl": "pkg:deb/debian/libextractor@1:1.8-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjun-jyuh-mffc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@1:1.8-2%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16430" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ze5d-xgap-3bgk" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libextractor@0.5.20c-1" }