{"url":"http://public2.vulnerablecode.io/api/packages/559216?format=json","purl":"pkg:npm/opencc@0.4.2","type":"npm","namespace":"","name":"opencc","version":"0.4.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.0","latest_non_vulnerable_version":"1.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5026?format=json","vulnerability_id":"VCID-2949-rd63-cybq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16982.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16982.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16982","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53534","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16982"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/BYVoid/OpenCC","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC"},{"reference_url":"https://github.com/BYVoid/OpenCC/commit/4a4f9e58e505fca93605f22363c133df66a91a5e","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC/commit/4a4f9e58e505fca93605f22363c133df66a91a5e"},{"reference_url":"https://github.com/BYVoid/OpenCC/issues/303","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC/issues/303"},{"reference_url":"https://github.com/BYVoid/OpenCC/pull/309","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC/pull/309"},{"reference_url":"https://github.com/BYVoid/OpenCC/pull/560","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC/pull/560"},{"reference_url":"https://github.com/BYVoid/OpenCC/pull/560/commits/e1b8c7949738100e4747dd4109ef1f16e1bd99c4","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC/pull/560/commits/e1b8c7949738100e4747dd4109ef1f16e1bd99c4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/opencc-py/PYSEC-2018-153.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/opencc-py/PYSEC-2018-153.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16982","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1629955","reference_id":"1629955","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1629955"},{"reference_url":"https://github.com/advisories/GHSA-9qh2-6fxg-9m4g","reference_id":"GHSA-9qh2-6fxg-9m4g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9qh2-6fxg-9m4g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386463?format=json","purl":"pkg:npm/opencc@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k81u-yz5j-vkcw"},{"vulnerability":"VCID-ukqm-dufe-mfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/opencc@1.1.2"}],"aliases":["CVE-2018-16982","GHSA-9qh2-6fxg-9m4g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2949-rd63-cybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22657?format=json","vulnerability_id":"VCID-k81u-yz5j-vkcw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15536.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15536","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03628","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15536"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/BYVoid/OpenCC","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC"},{"reference_url":"https://github.com/BYVoid/OpenCC/pull/1005","reference_id":"1005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://github.com/BYVoid/OpenCC/pull/1005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126286","reference_id":"1126286","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126286"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430670","reference_id":"2430670","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430670"},{"reference_url":"https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec","reference_id":"345c9a50ab07018f1b4439776bad78a0d40778ec","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec"},{"reference_url":"https://github.com/BYVoid/OpenCC/issues/997","reference_id":"997","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://github.com/BYVoid/OpenCC/issues/997"},{"reference_url":"https://vuldb.com/?ctiid.341708","reference_id":"?ctiid.341708","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://vuldb.com/?ctiid.341708"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15536","reference_id":"CVE-2025-15536","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15536"},{"reference_url":"https://github.com/advisories/GHSA-5pr6-crvp-2j9f","reference_id":"GHSA-5pr6-crvp-2j9f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5pr6-crvp-2j9f"},{"reference_url":"https://vuldb.com/?id.341708","reference_id":"?id.341708","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://vuldb.com/?id.341708"},{"reference_url":"https://github.com/BYVoid/OpenCC/","reference_id":"OpenCC","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://github.com/BYVoid/OpenCC/"},{"reference_url":"https://github.com/oneafter/1222/blob/main/repro","reference_id":"repro","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://github.com/oneafter/1222/blob/main/repro"},{"reference_url":"https://vuldb.com/?submit.733347","reference_id":"?submit.733347","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T17:06:49Z/"}],"url":"https://vuldb.com/?submit.733347"},{"reference_url":"https://usn.ubuntu.com/7972-1/","reference_id":"USN-7972-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7972-1/"},{"reference_url":"https://usn.ubuntu.com/7972-2/","reference_id":"USN-7972-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7972-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37888?format=json","purl":"pkg:npm/opencc@1.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/opencc@1.2.0"}],"aliases":["CVE-2025-15536","GHSA-5pr6-crvp-2j9f"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k81u-yz5j-vkcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360070?format=json","vulnerability_id":"VCID-ukqm-dufe-mfg7","summary":"OpenCC  has an Out-of-bounds read when processing truncated UTF-8 input\n### Summary\n\nOpenCC versions before 1.2.0 contain two `CWE-125: Out-of-bounds Read` issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not exceed the remaining input buffer. This could result in out-of-bounds reads during segmentation or conversion.\n\n### Details\n\nTwo independent code paths in OpenCC failed to enforce the invariant:\n\n`matchedLength <= remainingLength`\n\nBoth paths assumed derived length values were valid and within input bounds, but did not validate that assumption against the remaining buffer. This created the following failure chain:\n\n`invalid UTF-8 -> incorrect derived length -> incorrect pointer advance -> remaining-length desynchronization -> out-of-bounds read`\n\nIn `MaxMatchSegmentation::Segment`, this could desynchronize remaining-length tracking and cause out-of-bounds reads during prefix matching.\n\nIn `Conversion::Convert(const char*)`, similar logic could advance processing past the end of the input string and read beyond the null terminator into adjacent memory. In some cases, unintended heap bytes could be propagated into the conversion result.\n\nPR #1005 fixes both issues by explicitly tracking input boundaries, recomputing remaining length on each iteration, and clamping processed lengths so the buffer-bound invariant is preserved.\n\nAffected versions:\n\n* All versions before 1.2.0\n\nPatched version:\n\n* 1.2.0\n\n### PoC\n\nBuild a vulnerable version with AddressSanitizer enabled and process input ending with a truncated UTF-8 sequence, such as a missing final byte of a 3-byte character. The original report and ASan reproduction are available in [Issue #997](https://github.com/BYVoid/OpenCC/issues/997).\n\n### Impact\n\nThis vulnerability may cause process crashes and limited, non-deterministic information disclosure when OpenCC processes malformed or attacker-controlled UTF-8 input. The issue does not indicate arbitrary write or code execution.\n\nOpenCC is distributed through system and language-specific package managers, prebuilt binaries, container images, and downstream software, so affected versions may be present even when it is not listed as a direct dependency. Users should upgrade all installed or bundled copies of OpenCC to 1.2.0 or later.\n\n### Credit\n\nOpenCC thanks @oneafter for reporting the issue.","references":[{"reference_url":"https://github.com/BYVoid/OpenCC","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC"},{"reference_url":"https://github.com/BYVoid/OpenCC/releases/tag/ver.1.2.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC/releases/tag/ver.1.2.0"},{"reference_url":"https://github.com/BYVoid/OpenCC/security/advisories/GHSA-7fqq-q52p-2jjg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/BYVoid/OpenCC/security/advisories/GHSA-7fqq-q52p-2jjg"},{"reference_url":"https://github.com/advisories/GHSA-7fqq-q52p-2jjg","reference_id":"GHSA-7fqq-q52p-2jjg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7fqq-q52p-2jjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37888?format=json","purl":"pkg:npm/opencc@1.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/opencc@1.2.0"}],"aliases":["GHSA-7fqq-q52p-2jjg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukqm-dufe-mfg7"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/opencc@0.4.2"}