{"url":"http://public2.vulnerablecode.io/api/packages/923705?format=json","purl":"pkg:deb/debian/gnupg2@2.0.26-5?distro=trixie","type":"deb","namespace":"debian","name":"gnupg2","version":"2.0.26-5","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.2.7-1","latest_non_vulnerable_version":"2.4.8-5","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57735?format=json","vulnerability_id":"VCID-3jt3-2y11-yuc5","summary":"security update","references":[{"reference_url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648","reference_id":"","reference_type":"","scores":[],"url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1606.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1606","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64949","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64894","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64789","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64806","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64795","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64816","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64803","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64821","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64834","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6483","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64811","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64859","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64902","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64873","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1606"},{"reference_url":"https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606"},{"reference_url":"http://www.debian.org/security/2015/dsa-3184","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3184"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/02/13/14","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/02/13/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/02/14/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/02/14/6"},{"reference_url":"http://www.securitytracker.com/id/1031876","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031876"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193008","reference_id":"1193008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193008"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577","reference_id":"778577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1606","reference_id":"CVE-2015-1606","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1606"},{"reference_url":"https://usn.ubuntu.com/2554-1/","reference_id":"USN-2554-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2554-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923705?format=json","purl":"pkg:deb/debian/gnupg2@2.0.26-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.26-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923691?format=json","purl":"pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zx65-nc6s-8yf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.27-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923689?format=json","purl":"pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zx65-nc6s-8yf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.40-1.1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923693?format=json","purl":"pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79fy-gfr6-zkgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.7-21%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923692?format=json","purl":"pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79fy-gfr6-zkgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.9-4%3Fdistro=trixie"}],"aliases":["CVE-2015-1606"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jt3-2y11-yuc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85806?format=json","vulnerability_id":"VCID-nfzs-w4pe-bubj","summary":"gnupg2: memcpy with overlapping ranges (keybox_search.c)","references":[{"reference_url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392","reference_id":"","reference_type":"","scores":[],"url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1607.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1607","reference_id":"","reference_type":"","scores":[{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70461","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.7041","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70214","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70244","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70267","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70282","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70306","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70291","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70279","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.7032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70329","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.7031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70363","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70371","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70369","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70342","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70384","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70415","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70383","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1607"},{"reference_url":"https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607"},{"reference_url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html"},{"reference_url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html"},{"reference_url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/02/13/14","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/02/13/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/02/14/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/02/14/6"},{"reference_url":"http://www.securityfocus.com/bid/72610","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/72610"},{"reference_url":"http://www.ubuntu.com/usn/usn-2554-1/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-2554-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193009","reference_id":"1193009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193009"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577","reference_id":"778577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1607","reference_id":"CVE-2015-1607","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1607"},{"reference_url":"https://usn.ubuntu.com/2554-1/","reference_id":"USN-2554-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2554-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923705?format=json","purl":"pkg:deb/debian/gnupg2@2.0.26-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.26-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923691?format=json","purl":"pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zx65-nc6s-8yf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.27-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923689?format=json","purl":"pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zx65-nc6s-8yf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.40-1.1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923693?format=json","purl":"pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79fy-gfr6-zkgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.7-21%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923692?format=json","purl":"pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79fy-gfr6-zkgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.9-4%3Fdistro=trixie"}],"aliases":["CVE-2015-1607"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfzs-w4pe-bubj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.26-5%3Fdistro=trixie"}