{"url":"http://public2.vulnerablecode.io/api/packages/99618?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-3?distro=trixie","type":"deb","namespace":"debian","name":"iortcw","version":"1.51.c+dfsg1-3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.51.c+dfsg1-4","latest_non_vulnerable_version":"1.51.c+dfsg1-10","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74018?format=json","vulnerability_id":"VCID-9mak-srpp-yyan","summary":"A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The identifier of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25104","reference_id":"","reference_type":"","scores":[{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67514","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67521","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67509","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67492","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67507","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25104"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99622?format=json","purl":"pkg:deb/debian/iortcw@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99618?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99616?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99620?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99619?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-10%3Fdistro=trixie"}],"aliases":["CVE-2019-25104"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mak-srpp-yyan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74009?format=json","vulnerability_id":"VCID-cv4c-cwc6-vfff","summary":"In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engine) forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as native code DLLs. A malicious auto-downloaded file can contain configuration defaults that override the user's. Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6903","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29899","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29967","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29929","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29898","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29871","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29883","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6903"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857699","reference_id":"857699","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857699"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857714","reference_id":"857714","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857714"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99621?format=json","purl":"pkg:deb/debian/iortcw@1.50a%2Bdfsg1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.50a%252Bdfsg1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99618?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99616?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99620?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99619?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-10%3Fdistro=trixie"}],"aliases":["CVE-2017-6903"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cv4c-cwc6-vfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74006?format=json","vulnerability_id":"VCID-t45h-6tuf-zkem","summary":"Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11721","reference_id":"","reference_type":"","scores":[{"value":"0.03231","scoring_system":"epss","scoring_elements":"0.87307","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03231","scoring_system":"epss","scoring_elements":"0.87329","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03231","scoring_system":"epss","scoring_elements":"0.87327","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03231","scoring_system":"epss","scoring_elements":"0.87324","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03231","scoring_system":"epss","scoring_elements":"0.87321","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03231","scoring_system":"epss","scoring_elements":"0.87333","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870725","reference_id":"870725","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870725"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870811","reference_id":"870811","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870811"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99617?format=json","purl":"pkg:deb/debian/iortcw@1.51%2Bdfsg1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51%252Bdfsg1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99618?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99616?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99620?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99619?format=json","purl":"pkg:deb/debian/iortcw@1.51.c%2Bdfsg1-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-10%3Fdistro=trixie"}],"aliases":["CVE-2017-11721"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t45h-6tuf-zkem"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iortcw@1.51.c%252Bdfsg1-3%3Fdistro=trixie"}