{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","type":"deb","namespace":"debian","name":"libytnef","version":"1.9.3-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.9.3-3","latest_non_vulnerable_version":"2.1.2-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93077?format=json","vulnerability_id":"VCID-21bd-whcr-ekgv","summary":"In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12141","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38794","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38815","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38793","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38804","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38816","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3878","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38752","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38798","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38776","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38696","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38516","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38428","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3838","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3839","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38301","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38326","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870815","reference_id":"870815","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870815"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-12141"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21bd-whcr-ekgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93396?format=json","vulnerability_id":"VCID-2zd4-eyeq-27dd","summary":"In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9471","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45393","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45488","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45509","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4548","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45531","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45528","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45478","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45403","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45343","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45238","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45302","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4532","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45264","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45288","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9471"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870194","reference_id":"870194","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870194"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9471"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zd4-eyeq-27dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93369?format=json","vulnerability_id":"VCID-8esx-t2u5-e3hq","summary":"The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9146","reference_id":"","reference_type":"","scores":[{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69629","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69641","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69657","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69685","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69702","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69725","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.6971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69737","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69727","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69778","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69786","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69792","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69765","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69809","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69839","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.69835","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9146"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707","reference_id":"862707","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9146"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8esx-t2u5-e3hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93399?format=json","vulnerability_id":"VCID-efxj-4v6j-fbaa","summary":"In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9474","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41465","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41555","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41583","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41509","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41568","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4159","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41557","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41543","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41588","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41563","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41487","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4138","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41375","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41297","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41163","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41236","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41253","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41158","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41185","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192","reference_id":"870192","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9474"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efxj-4v6j-fbaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93078?format=json","vulnerability_id":"VCID-nrgn-8ky2-pyec","summary":"In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12142","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36308","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36483","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36517","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36405","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36397","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36375","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36416","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36399","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36344","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36121","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35885","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35954","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35974","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35908","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870816","reference_id":"870816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-12142"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrgn-8ky2-pyec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93397?format=json","vulnerability_id":"VCID-qkuz-r9a9-vqbx","summary":"In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9472","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41465","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41555","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41583","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41509","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41568","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4159","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41557","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41543","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41588","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41563","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41487","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4138","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41375","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41297","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41163","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41236","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41253","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41158","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41185","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9472"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870193","reference_id":"870193","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870193"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9472"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkuz-r9a9-vqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93398?format=json","vulnerability_id":"VCID-sag4-mswc-hbg5","summary":"In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9473","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49523","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49553","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49581","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49589","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.496","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49571","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49572","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49619","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49617","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49587","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49578","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49588","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49547","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49464","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49501","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49528","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9473"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870197","reference_id":"870197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870197"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9473"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sag4-mswc-hbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93080?format=json","vulnerability_id":"VCID-uar8-sxnf-efhs","summary":"In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12144","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55777","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5589","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55911","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55941","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55952","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55932","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5595","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55954","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55929","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55855","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55874","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55849","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5579","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55896","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55851","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55878","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870817","reference_id":"870817","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870817"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-12144"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uar8-sxnf-efhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93395?format=json","vulnerability_id":"VCID-ujwn-5uux-gygu","summary":"In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9470","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45161","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45185","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9470"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870196","reference_id":"870196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870196"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929385?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929383?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929381?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929384?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9470"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujwn-5uux-gygu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"}