{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42027?format=json","vulnerability_id":"VCID-cp59-hynh-bydw","summary":"Reachable Assertion\nThere is an Assertion `scaling_list_pred_matrix_id_delta==1` failed at `sps.cc:925` in libde265 when decoding a file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.","aliases":[{"alias":"CVE-2021-36409"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60092?format=json","purl":"pkg:conan/libde265@1.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77sx-rq4k-7kgd"},{"vulnerability":"VCID-86ed-z2u5-kffr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60091?format=json","purl":"pkg:conan/libde265@1.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5r6a-uvfy-b3d1"},{"vulnerability":"VCID-aevu-s8rp-f7es"},{"vulnerability":"VCID-cp59-hynh-bydw"},{"vulnerability":"VCID-rqqd-ptxb-rqf8"},{"vulnerability":"VCID-v5w4-wgke-8kd1"},{"vulnerability":"VCID-ymdg-prmu-vybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.8"}],"references":[{"reference_url":"https://github.com/strukturag/libde265/issues/300","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/strukturag/libde265/issues/300"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36409","reference_id":"CVE-2021-36409","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36409"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":617,"name":"Reachable Assertion","description":"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cp59-hynh-bydw"}