{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","type":"deb","namespace":"debian","name":"elfutils","version":"0.195-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66525?format=json","vulnerability_id":"VCID-2sga-pmv8-3uak","summary":"In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7665.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7665.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7665","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28182","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28141","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28161","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28232","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677538","reference_id":"1677538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677538"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921880","reference_id":"921880","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921880"},{"reference_url":"https://security.archlinux.org/ASA-201903-9","reference_id":"ASA-201903-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-9"},{"reference_url":"https://security.archlinux.org/AVG-863","reference_id":"AVG-863","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3575","reference_id":"RHSA-2019:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3575"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93433?format=json","purl":"pkg:deb/debian/elfutils@0.176-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7665"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sga-pmv8-3uak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66507?format=json","vulnerability_id":"VCID-4ryu-xekg-zbhc","summary":"The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7608.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7608","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47262","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47264","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441624","reference_id":"1441624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441624"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859995","reference_id":"859995","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859995"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93430?format=json","purl":"pkg:deb/debian/elfutils@0.168-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7608"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ryu-xekg-zbhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66512?format=json","vulnerability_id":"VCID-566a-nu92-8qcb","summary":"elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7613.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7613","reference_id":"","reference_type":"","scores":[{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.6952","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69483","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.6953","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441629","reference_id":"1441629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441629"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859990","reference_id":"859990","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859990"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93430?format=json","purl":"pkg:deb/debian/elfutils@0.168-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7613"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-566a-nu92-8qcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66511?format=json","vulnerability_id":"VCID-6sff-77v5-r3ax","summary":"The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7612.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7612.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7612","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.6698","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66947","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66987","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66996","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441628","reference_id":"1441628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441628"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859991","reference_id":"859991","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859991"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93430?format=json","purl":"pkg:deb/debian/elfutils@0.168-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7612"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6sff-77v5-r3ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66517?format=json","vulnerability_id":"VCID-7az6-1gng-6qe7","summary":"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18520.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18520","reference_id":"","reference_type":"","scores":[{"value":"0.00889","scoring_system":"epss","scoring_elements":"0.75887","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00889","scoring_system":"epss","scoring_elements":"0.75913","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00889","scoring_system":"epss","scoring_elements":"0.75905","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646477","reference_id":"1646477","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646477"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911414","reference_id":"911414","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911414"},{"reference_url":"https://security.archlinux.org/ASA-201901-3","reference_id":"ASA-201901-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-3"},{"reference_url":"https://security.archlinux.org/AVG-785","reference_id":"AVG-785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93431?format=json","purl":"pkg:deb/debian/elfutils@0.175-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18520"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7az6-1gng-6qe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66515?format=json","vulnerability_id":"VCID-7xee-m8gf-6qh3","summary":"libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16403.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16403","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28353","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28305","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28264","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625055","reference_id":"1625055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93431?format=json","purl":"pkg:deb/debian/elfutils@0.175-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2018-16403"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xee-m8gf-6qh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66521?format=json","vulnerability_id":"VCID-9d69-d773-fqeu","summary":"An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a \"warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7148.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7148.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7148","reference_id":"","reference_type":"","scores":[{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73587","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73623","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73628","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73614","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7148"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7148"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671439","reference_id":"1671439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671439"},{"reference_url":"https://security.archlinux.org/ASA-201903-9","reference_id":"ASA-201903-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-9"},{"reference_url":"https://security.archlinux.org/AVG-863","reference_id":"AVG-863","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93433?format=json","purl":"pkg:deb/debian/elfutils@0.176-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7148"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9d69-d773-fqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66520?format=json","vulnerability_id":"VCID-9nvr-hhnf-u7ex","summary":"In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7146.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7146","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41841","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41917","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41927","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41898","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671432","reference_id":"1671432","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671432"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920911","reference_id":"920911","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3575","reference_id":"RHSA-2019:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93433?format=json","purl":"pkg:deb/debian/elfutils@0.176-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7146"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nvr-hhnf-u7ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66523?format=json","vulnerability_id":"VCID-c3rt-jxyg-m3eu","summary":"An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7150.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7150","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32506","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32467","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32466","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32538","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671446","reference_id":"1671446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909","reference_id":"920909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909"},{"reference_url":"https://security.archlinux.org/ASA-201903-9","reference_id":"ASA-201903-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-9"},{"reference_url":"https://security.archlinux.org/AVG-863","reference_id":"AVG-863","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3575","reference_id":"RHSA-2019:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3575"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93433?format=json","purl":"pkg:deb/debian/elfutils@0.176-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7150"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3rt-jxyg-m3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66526?format=json","vulnerability_id":"VCID-dkrw-dhc4-4fcm","summary":"The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-21047","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00398","published_at":"2026-06-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00399","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00401","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00396","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-21047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21047"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:40:52Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html"},{"reference_url":"https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8","reference_id":"?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:40:52Z/"}],"url":"https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=25068","reference_id":"show_bug.cgi?id=25068","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:40:52Z/"}],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=25068"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93434?format=json","purl":"pkg:deb/debian/elfutils@0.180-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.180-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2020-21047"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkrw-dhc4-4fcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66513?format=json","vulnerability_id":"VCID-e5pj-9aex-qba3","summary":"dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16062.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16062","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25566","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25668","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25659","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25611","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1623752","reference_id":"1623752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1623752"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907562","reference_id":"907562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907562"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93431?format=json","purl":"pkg:deb/debian/elfutils@0.175-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2018-16062"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5pj-9aex-qba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66508?format=json","vulnerability_id":"VCID-fctx-gqty-qqbp","summary":"elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7609.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7609.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7609","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44728","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44673","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44742","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44749","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441625","reference_id":"1441625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441625"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859994","reference_id":"859994","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859994"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93430?format=json","purl":"pkg:deb/debian/elfutils@0.168-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7609"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fctx-gqty-qqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66522?format=json","vulnerability_id":"VCID-gv76-sbbx-ukd8","summary":"A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7149.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7149.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7149","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56378","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5644","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56428","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671443","reference_id":"1671443","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671443"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920910","reference_id":"920910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920910"},{"reference_url":"https://security.archlinux.org/ASA-201903-9","reference_id":"ASA-201903-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-9"},{"reference_url":"https://security.archlinux.org/AVG-863","reference_id":"AVG-863","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3575","reference_id":"RHSA-2019:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3575"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93433?format=json","purl":"pkg:deb/debian/elfutils@0.176-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7149"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv76-sbbx-ukd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66504?format=json","vulnerability_id":"VCID-m4hb-fnwr-eber","summary":"The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10254.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10254","reference_id":"","reference_type":"","scores":[{"value":"0.00603","scoring_system":"epss","scoring_elements":"0.69955","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00603","scoring_system":"epss","scoring_elements":"0.69996","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00603","scoring_system":"epss","scoring_elements":"0.70004","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00603","scoring_system":"epss","scoring_elements":"0.69991","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435183","reference_id":"1435183","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435183"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93429?format=json","purl":"pkg:deb/debian/elfutils@0.168-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10254"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4hb-fnwr-eber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66527?format=json","vulnerability_id":"VCID-mxhh-rnud-7bdx","summary":"In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33294.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33294.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33294","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05856","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0587","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05877","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05868","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33294"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html","reference_id":"003607.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T17:05:21Z/"}],"url":"https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2223918","reference_id":"2223918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2223918"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=27501","reference_id":"show_bug.cgi?id=27501","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T17:05:21Z/"}],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=27501"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93435?format=json","purl":"pkg:deb/debian/elfutils@0.185-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.185-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2021-33294"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhh-rnud-7bdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66524?format=json","vulnerability_id":"VCID-p4ma-d1c5-4bg1","summary":"In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7664.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7664","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38129","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38101","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38126","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677536","reference_id":"1677536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677536"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921881","reference_id":"921881","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921881"},{"reference_url":"https://security.archlinux.org/ASA-201903-9","reference_id":"ASA-201903-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-9"},{"reference_url":"https://security.archlinux.org/AVG-863","reference_id":"AVG-863","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3575","reference_id":"RHSA-2019:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93433?format=json","purl":"pkg:deb/debian/elfutils@0.176-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.176-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7664"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4ma-d1c5-4bg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66518?format=json","vulnerability_id":"VCID-pt99-fknz-8yb1","summary":"Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18521.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18521.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18521","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28074","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28037","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28053","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28123","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646482","reference_id":"1646482","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911413","reference_id":"911413","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911413"},{"reference_url":"https://security.archlinux.org/ASA-201901-3","reference_id":"ASA-201901-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-3"},{"reference_url":"https://security.archlinux.org/AVG-785","reference_id":"AVG-785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93431?format=json","purl":"pkg:deb/debian/elfutils@0.175-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18521"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt99-fknz-8yb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66506?format=json","vulnerability_id":"VCID-qh5f-ujjq-a3fq","summary":"The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7607.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7607","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56639","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56593","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56645","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56651","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441613","reference_id":"1441613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441613"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859996","reference_id":"859996","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859996"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93430?format=json","purl":"pkg:deb/debian/elfutils@0.168-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7607"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh5f-ujjq-a3fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66505?format=json","vulnerability_id":"VCID-rzdw-w882-ekd9","summary":"The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10255.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10255","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66934","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66974","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66983","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66966","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435182","reference_id":"1435182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435182"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93429?format=json","purl":"pkg:deb/debian/elfutils@0.168-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10255"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzdw-w882-ekd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66510?format=json","vulnerability_id":"VCID-s6q1-s2s7-g3g9","summary":"The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7611.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7611","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53558","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53504","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53563","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53572","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441627","reference_id":"1441627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441627"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859992","reference_id":"859992","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859992"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93430?format=json","purl":"pkg:deb/debian/elfutils@0.168-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7611"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6q1-s2s7-g3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66514?format=json","vulnerability_id":"VCID-tzq2-cgg5-yya1","summary":"libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16402.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16402","reference_id":"","reference_type":"","scores":[{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.83834","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.83857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.8386","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.83855","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625050","reference_id":"1625050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1471","reference_id":"RHSA-2020:1471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1471"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93431?format=json","purl":"pkg:deb/debian/elfutils@0.175-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2018-16402"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzq2-cgg5-yya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66503?format=json","vulnerability_id":"VCID-u7as-1ckq-eqgy","summary":"Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9447.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9447","reference_id":"","reference_type":"","scores":[{"value":"0.03517","scoring_system":"epss","scoring_elements":"0.87852","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03517","scoring_system":"epss","scoring_elements":"0.87873","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03517","scoring_system":"epss","scoring_elements":"0.87875","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03517","scoring_system":"epss","scoring_elements":"0.87876","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1178888","reference_id":"1178888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1178888"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775536","reference_id":"775536","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775536"},{"reference_url":"https://usn.ubuntu.com/2482-1/","reference_id":"USN-2482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2482-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93428?format=json","purl":"pkg:deb/debian/elfutils@0.159-4.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.159-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9447"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7as-1ckq-eqgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66516?format=json","vulnerability_id":"VCID-v6r9-9zqj-c7h1","summary":"An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18310.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18310","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26122","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26077","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26024","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26128","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642604","reference_id":"1642604","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642604"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911083","reference_id":"911083","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911083"},{"reference_url":"https://security.archlinux.org/ASA-201901-3","reference_id":"ASA-201901-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-3"},{"reference_url":"https://security.archlinux.org/AVG-785","reference_id":"AVG-785","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2197","reference_id":"RHSA-2019:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2197"},{"reference_url":"https://usn.ubuntu.com/4012-1/","reference_id":"USN-4012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4012-1/"},{"reference_url":"https://usn.ubuntu.com/6322-1/","reference_id":"USN-6322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93431?format=json","purl":"pkg:deb/debian/elfutils@0.175-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.175-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18310"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6r9-9zqj-c7h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66519?format=json","vulnerability_id":"VCID-vsc2-c98t-2qfq","summary":"elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8769.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8769","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37702","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37793","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37796","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37766","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8769"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1559241","reference_id":"1559241","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1559241"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93432?format=json","purl":"pkg:deb/debian/elfutils@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2018-8769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsc2-c98t-2qfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66509?format=json","vulnerability_id":"VCID-xu38-1648-eqde","summary":"The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7610.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7610.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7610","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.6698","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66947","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66987","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66996","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441626","reference_id":"1441626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859993","reference_id":"859993","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859993"},{"reference_url":"https://security.gentoo.org/glsa/201710-10","reference_id":"GLSA-201710-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-10"},{"reference_url":"https://usn.ubuntu.com/3670-1/","reference_id":"USN-3670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93430?format=json","purl":"pkg:deb/debian/elfutils@0.168-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.168-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7610"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xu38-1648-eqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66502?format=json","vulnerability_id":"VCID-ykz9-xxnj-uqft","summary":"Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0172.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0172","reference_id":"","reference_type":"","scores":[{"value":"0.01832","scoring_system":"epss","scoring_elements":"0.83261","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01832","scoring_system":"epss","scoring_elements":"0.83287","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01832","scoring_system":"epss","scoring_elements":"0.83288","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01832","scoring_system":"epss","scoring_elements":"0.83284","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0172"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1085663","reference_id":"1085663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1085663"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744017","reference_id":"744017","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744017"},{"reference_url":"https://security.gentoo.org/glsa/201612-32","reference_id":"GLSA-201612-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-32"},{"reference_url":"https://usn.ubuntu.com/2188-1/","reference_id":"USN-2188-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2188-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93424?format=json","purl":"pkg:deb/debian/elfutils@0.158-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.158-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93425?format=json","purl":"pkg:deb/debian/elfutils@0.183-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mxhh-rnud-7bdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.183-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93423?format=json","purl":"pkg:deb/debian/elfutils@0.188-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.188-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93427?format=json","purl":"pkg:deb/debian/elfutils@0.192-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.192-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93426?format=json","purl":"pkg:deb/debian/elfutils@0.195-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0172"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykz9-xxnj-uqft"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/elfutils@0.195-1%3Fdistro=trixie"}