{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1937?format=json","vulnerability_id":"VCID-7t2y-ppma-aqe1","summary":"Security researcher Gustavo Grieco reported a potential out-of-bounds\nread parsing malformed XML data during character conversion. This is due to a bug in the\nExpat library, which is used in Firefox. This could allow an attacker to read other\ninaccessible memory.","aliases":[{"alias":"CVE-2016-0718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4626?format=json","purl":"pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5046?format=json","purl":"pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cvna-73ya-gbg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/898?format=json","purl":"pkg:mozilla/Firefox@48.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@48.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4615?format=json","purl":"pkg:deb/debian/expat@1.0-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@1.0-2"},{"url":"http://public2.vulnerablecode.io/api/packages/4616?format=json","purl":"pkg:deb/debian/expat@1.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@1.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/4617?format=json","purl":"pkg:deb/debian/expat@1.95.2-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@1.95.2-6"},{"url":"http://public2.vulnerablecode.io/api/packages/4618?format=json","purl":"pkg:deb/debian/expat@1.95.8-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@1.95.8-3"},{"url":"http://public2.vulnerablecode.io/api/packages/4619?format=json","purl":"pkg:deb/debian/expat@1.95.8-3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@1.95.8-3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/4620?format=json","purl":"pkg:deb/debian/expat@1.95.8-3.4%2Betch3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@1.95.8-3.4%252Betch3"},{"url":"http://public2.vulnerablecode.io/api/packages/4621?format=json","purl":"pkg:deb/debian/expat@2.0.1-4%2Blenny3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.0.1-4%252Blenny3"},{"url":"http://public2.vulnerablecode.io/api/packages/4622?format=json","purl":"pkg:deb/debian/expat@2.0.1-7%2Bsqueeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.0.1-7%252Bsqueeze1"},{"url":"http://public2.vulnerablecode.io/api/packages/4623?format=json","purl":"pkg:deb/debian/expat@2.0.1-7%2Bsqueeze2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.0.1-7%252Bsqueeze2"},{"url":"http://public2.vulnerablecode.io/api/packages/4624?format=json","purl":"pkg:deb/debian/expat@2.1.0-1%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-1%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/4625?format=json","purl":"pkg:deb/debian/expat@2.1.0-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6"},{"url":"http://public2.vulnerablecode.io/api/packages/4626?format=json","purl":"pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7t2y-ppma-aqe1"},{"vulnerability":"VCID-cvna-73ya-gbg5"},{"vulnerability":"VCID-ea8u-5x5j-dkch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4"}],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718","reference_id":"CVE-2016-0718","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68","reference_id":"mfsa2016-68","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7t2y-ppma-aqe1"}