{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66393?format=json","vulnerability_id":"VCID-yup7-6szg-wugs","summary":"An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().","aliases":[{"alias":"CVE-2017-9052"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93288?format=json","purl":"pkg:deb/debian/dwarfutils@20170416-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20170416-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/517726?format=json","purl":"pkg:deb/debian/dwarfutils@20180809-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gugk-g6j6-mkge"},{"vulnerability":"VCID-u52e-zu8s-67g4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20180809-1"},{"url":"http://public2.vulnerablecode.io/api/packages/93281?format=json","purl":"pkg:deb/debian/dwarfutils@20201201-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23fq-spqa-jffy"},{"vulnerability":"VCID-eyeu-1wsh-tba5"},{"vulnerability":"VCID-tg6g-nujw-bybz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20201201-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93279?format=json","purl":"pkg:deb/debian/dwarfutils@20210528-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23fq-spqa-jffy"},{"vulnerability":"VCID-eyeu-1wsh-tba5"},{"vulnerability":"VCID-tg6g-nujw-bybz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20210528-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93282?format=json","purl":"pkg:deb/debian/dwarfutils@1:0.11.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@1:0.11.1-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5578?format=json","purl":"pkg:deb/debian/dwarfutils@20080409-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wr9-b6ju-33es"},{"vulnerability":"VCID-3k6p-san4-33ev"},{"vulnerability":"VCID-3qa9-ke4p-zfhu"},{"vulnerability":"VCID-4bty-96c9-gqck"},{"vulnerability":"VCID-5hg4-t93r-d7fe"},{"vulnerability":"VCID-6dg4-dfve-uudx"},{"vulnerability":"VCID-7fja-j7f2-hya9"},{"vulnerability":"VCID-7tp9-pmer-6kdn"},{"vulnerability":"VCID-8b6n-7dd7-wfh8"},{"vulnerability":"VCID-8fqp-14kt-7qey"},{"vulnerability":"VCID-967a-bbc2-sqej"},{"vulnerability":"VCID-974u-157z-jfd8"},{"vulnerability":"VCID-bctb-f6yn-q3df"},{"vulnerability":"VCID-cav2-ubu1-xyc6"},{"vulnerability":"VCID-cqme-8bcc-4qdm"},{"vulnerability":"VCID-dbkj-9fnm-mygb"},{"vulnerability":"VCID-ek7a-rkjk-pyaj"},{"vulnerability":"VCID-eurw-px4z-dycr"},{"vulnerability":"VCID-exf2-rfvv-a7ff"},{"vulnerability":"VCID-gugk-g6j6-mkge"},{"vulnerability":"VCID-hqxa-jtx8-u3h6"},{"vulnerability":"VCID-j8g5-9zgy-skak"},{"vulnerability":"VCID-jj8q-duc1-6ya7"},{"vulnerability":"VCID-jp96-3bqp-j7cq"},{"vulnerability":"VCID-jq3p-k39g-33fv"},{"vulnerability":"VCID-m47q-3x92-17cf"},{"vulnerability":"VCID-ma59-q144-tbhn"},{"vulnerability":"VCID-n2dq-4wd1-v3d2"},{"vulnerability":"VCID-n866-6qtb-uqfs"},{"vulnerability":"VCID-qbgz-9gqu-nbaj"},{"vulnerability":"VCID-rnmw-3e99-quft"},{"vulnerability":"VCID-tm1f-ndz1-ekfw"},{"vulnerability":"VCID-twyy-kfws-x7au"},{"vulnerability":"VCID-u3m9-n4rd-5qc5"},{"vulnerability":"VCID-u52e-zu8s-67g4"},{"vulnerability":"VCID-xwzf-p1zk-6khr"},{"vulnerability":"VCID-yup7-6szg-wugs"},{"vulnerability":"VCID-yzn8-13px-xbcg"},{"vulnerability":"VCID-zaqw-qnk2-wkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20080409-2"},{"url":"http://public2.vulnerablecode.io/api/packages/5579?format=json","purl":"pkg:deb/debian/dwarfutils@20100214-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wr9-b6ju-33es"},{"vulnerability":"VCID-3k6p-san4-33ev"},{"vulnerability":"VCID-3qa9-ke4p-zfhu"},{"vulnerability":"VCID-4bty-96c9-gqck"},{"vulnerability":"VCID-5hg4-t93r-d7fe"},{"vulnerability":"VCID-6dg4-dfve-uudx"},{"vulnerability":"VCID-7fja-j7f2-hya9"},{"vulnerability":"VCID-7tp9-pmer-6kdn"},{"vulnerability":"VCID-8b6n-7dd7-wfh8"},{"vulnerability":"VCID-8fqp-14kt-7qey"},{"vulnerability":"VCID-967a-bbc2-sqej"},{"vulnerability":"VCID-974u-157z-jfd8"},{"vulnerability":"VCID-bctb-f6yn-q3df"},{"vulnerability":"VCID-cav2-ubu1-xyc6"},{"vulnerability":"VCID-cqme-8bcc-4qdm"},{"vulnerability":"VCID-dbkj-9fnm-mygb"},{"vulnerability":"VCID-ek7a-rkjk-pyaj"},{"vulnerability":"VCID-eurw-px4z-dycr"},{"vulnerability":"VCID-exf2-rfvv-a7ff"},{"vulnerability":"VCID-gugk-g6j6-mkge"},{"vulnerability":"VCID-hqxa-jtx8-u3h6"},{"vulnerability":"VCID-j8g5-9zgy-skak"},{"vulnerability":"VCID-jj8q-duc1-6ya7"},{"vulnerability":"VCID-jp96-3bqp-j7cq"},{"vulnerability":"VCID-jq3p-k39g-33fv"},{"vulnerability":"VCID-m47q-3x92-17cf"},{"vulnerability":"VCID-ma59-q144-tbhn"},{"vulnerability":"VCID-n2dq-4wd1-v3d2"},{"vulnerability":"VCID-n866-6qtb-uqfs"},{"vulnerability":"VCID-qbgz-9gqu-nbaj"},{"vulnerability":"VCID-rnmw-3e99-quft"},{"vulnerability":"VCID-tm1f-ndz1-ekfw"},{"vulnerability":"VCID-twyy-kfws-x7au"},{"vulnerability":"VCID-u3m9-n4rd-5qc5"},{"vulnerability":"VCID-u52e-zu8s-67g4"},{"vulnerability":"VCID-xwzf-p1zk-6khr"},{"vulnerability":"VCID-yup7-6szg-wugs"},{"vulnerability":"VCID-yzn8-13px-xbcg"},{"vulnerability":"VCID-zaqw-qnk2-wkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20100214-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5580?format=json","purl":"pkg:deb/debian/dwarfutils@20100214-1%2Bdeb6u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wr9-b6ju-33es"},{"vulnerability":"VCID-3k6p-san4-33ev"},{"vulnerability":"VCID-3qa9-ke4p-zfhu"},{"vulnerability":"VCID-4bty-96c9-gqck"},{"vulnerability":"VCID-5hg4-t93r-d7fe"},{"vulnerability":"VCID-6dg4-dfve-uudx"},{"vulnerability":"VCID-7fja-j7f2-hya9"},{"vulnerability":"VCID-7tp9-pmer-6kdn"},{"vulnerability":"VCID-8b6n-7dd7-wfh8"},{"vulnerability":"VCID-8fqp-14kt-7qey"},{"vulnerability":"VCID-967a-bbc2-sqej"},{"vulnerability":"VCID-974u-157z-jfd8"},{"vulnerability":"VCID-bctb-f6yn-q3df"},{"vulnerability":"VCID-cav2-ubu1-xyc6"},{"vulnerability":"VCID-cqme-8bcc-4qdm"},{"vulnerability":"VCID-dbkj-9fnm-mygb"},{"vulnerability":"VCID-ek7a-rkjk-pyaj"},{"vulnerability":"VCID-eurw-px4z-dycr"},{"vulnerability":"VCID-exf2-rfvv-a7ff"},{"vulnerability":"VCID-gugk-g6j6-mkge"},{"vulnerability":"VCID-hqxa-jtx8-u3h6"},{"vulnerability":"VCID-j8g5-9zgy-skak"},{"vulnerability":"VCID-jj8q-duc1-6ya7"},{"vulnerability":"VCID-jp96-3bqp-j7cq"},{"vulnerability":"VCID-jq3p-k39g-33fv"},{"vulnerability":"VCID-m47q-3x92-17cf"},{"vulnerability":"VCID-ma59-q144-tbhn"},{"vulnerability":"VCID-n2dq-4wd1-v3d2"},{"vulnerability":"VCID-n866-6qtb-uqfs"},{"vulnerability":"VCID-qbgz-9gqu-nbaj"},{"vulnerability":"VCID-rnmw-3e99-quft"},{"vulnerability":"VCID-tm1f-ndz1-ekfw"},{"vulnerability":"VCID-twyy-kfws-x7au"},{"vulnerability":"VCID-u3m9-n4rd-5qc5"},{"vulnerability":"VCID-u52e-zu8s-67g4"},{"vulnerability":"VCID-xwzf-p1zk-6khr"},{"vulnerability":"VCID-yup7-6szg-wugs"},{"vulnerability":"VCID-yzn8-13px-xbcg"},{"vulnerability":"VCID-zaqw-qnk2-wkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20100214-1%252Bdeb6u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5581?format=json","purl":"pkg:deb/debian/dwarfutils@20120410-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wr9-b6ju-33es"},{"vulnerability":"VCID-3k6p-san4-33ev"},{"vulnerability":"VCID-3qa9-ke4p-zfhu"},{"vulnerability":"VCID-4bty-96c9-gqck"},{"vulnerability":"VCID-5hg4-t93r-d7fe"},{"vulnerability":"VCID-6dg4-dfve-uudx"},{"vulnerability":"VCID-7fja-j7f2-hya9"},{"vulnerability":"VCID-7tp9-pmer-6kdn"},{"vulnerability":"VCID-8b6n-7dd7-wfh8"},{"vulnerability":"VCID-8fqp-14kt-7qey"},{"vulnerability":"VCID-967a-bbc2-sqej"},{"vulnerability":"VCID-974u-157z-jfd8"},{"vulnerability":"VCID-bctb-f6yn-q3df"},{"vulnerability":"VCID-cav2-ubu1-xyc6"},{"vulnerability":"VCID-cqme-8bcc-4qdm"},{"vulnerability":"VCID-dbkj-9fnm-mygb"},{"vulnerability":"VCID-ek7a-rkjk-pyaj"},{"vulnerability":"VCID-eurw-px4z-dycr"},{"vulnerability":"VCID-exf2-rfvv-a7ff"},{"vulnerability":"VCID-gugk-g6j6-mkge"},{"vulnerability":"VCID-hqxa-jtx8-u3h6"},{"vulnerability":"VCID-j8g5-9zgy-skak"},{"vulnerability":"VCID-jj8q-duc1-6ya7"},{"vulnerability":"VCID-jp96-3bqp-j7cq"},{"vulnerability":"VCID-jq3p-k39g-33fv"},{"vulnerability":"VCID-m47q-3x92-17cf"},{"vulnerability":"VCID-ma59-q144-tbhn"},{"vulnerability":"VCID-n2dq-4wd1-v3d2"},{"vulnerability":"VCID-n866-6qtb-uqfs"},{"vulnerability":"VCID-qbgz-9gqu-nbaj"},{"vulnerability":"VCID-rnmw-3e99-quft"},{"vulnerability":"VCID-tm1f-ndz1-ekfw"},{"vulnerability":"VCID-twyy-kfws-x7au"},{"vulnerability":"VCID-u3m9-n4rd-5qc5"},{"vulnerability":"VCID-u52e-zu8s-67g4"},{"vulnerability":"VCID-xwzf-p1zk-6khr"},{"vulnerability":"VCID-yup7-6szg-wugs"},{"vulnerability":"VCID-yzn8-13px-xbcg"},{"vulnerability":"VCID-zaqw-qnk2-wkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20120410-2"},{"url":"http://public2.vulnerablecode.io/api/packages/5582?format=json","purl":"pkg:deb/debian/dwarfutils@20120410-2%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wr9-b6ju-33es"},{"vulnerability":"VCID-3k6p-san4-33ev"},{"vulnerability":"VCID-3qa9-ke4p-zfhu"},{"vulnerability":"VCID-4bty-96c9-gqck"},{"vulnerability":"VCID-5hg4-t93r-d7fe"},{"vulnerability":"VCID-6dg4-dfve-uudx"},{"vulnerability":"VCID-7fja-j7f2-hya9"},{"vulnerability":"VCID-7tp9-pmer-6kdn"},{"vulnerability":"VCID-8b6n-7dd7-wfh8"},{"vulnerability":"VCID-8fqp-14kt-7qey"},{"vulnerability":"VCID-967a-bbc2-sqej"},{"vulnerability":"VCID-974u-157z-jfd8"},{"vulnerability":"VCID-bctb-f6yn-q3df"},{"vulnerability":"VCID-cav2-ubu1-xyc6"},{"vulnerability":"VCID-cqme-8bcc-4qdm"},{"vulnerability":"VCID-dbkj-9fnm-mygb"},{"vulnerability":"VCID-ek7a-rkjk-pyaj"},{"vulnerability":"VCID-eurw-px4z-dycr"},{"vulnerability":"VCID-exf2-rfvv-a7ff"},{"vulnerability":"VCID-gugk-g6j6-mkge"},{"vulnerability":"VCID-hqxa-jtx8-u3h6"},{"vulnerability":"VCID-j8g5-9zgy-skak"},{"vulnerability":"VCID-jj8q-duc1-6ya7"},{"vulnerability":"VCID-jp96-3bqp-j7cq"},{"vulnerability":"VCID-jq3p-k39g-33fv"},{"vulnerability":"VCID-m47q-3x92-17cf"},{"vulnerability":"VCID-ma59-q144-tbhn"},{"vulnerability":"VCID-n2dq-4wd1-v3d2"},{"vulnerability":"VCID-n866-6qtb-uqfs"},{"vulnerability":"VCID-qbgz-9gqu-nbaj"},{"vulnerability":"VCID-rnmw-3e99-quft"},{"vulnerability":"VCID-tm1f-ndz1-ekfw"},{"vulnerability":"VCID-twyy-kfws-x7au"},{"vulnerability":"VCID-u3m9-n4rd-5qc5"},{"vulnerability":"VCID-u52e-zu8s-67g4"},{"vulnerability":"VCID-xwzf-p1zk-6khr"},{"vulnerability":"VCID-yup7-6szg-wugs"},{"vulnerability":"VCID-yzn8-13px-xbcg"},{"vulnerability":"VCID-zaqw-qnk2-wkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20120410-2%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5583?format=json","purl":"pkg:deb/debian/dwarfutils@20161124-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fja-j7f2-hya9"},{"vulnerability":"VCID-967a-bbc2-sqej"},{"vulnerability":"VCID-gugk-g6j6-mkge"},{"vulnerability":"VCID-jj8q-duc1-6ya7"},{"vulnerability":"VCID-jq3p-k39g-33fv"},{"vulnerability":"VCID-u52e-zu8s-67g4"},{"vulnerability":"VCID-yup7-6szg-wugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dwarfutils@20161124-1%252Bdeb9u1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9052.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9052","reference_id":"","reference_type":"","scores":[{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.76317","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.76353","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.76341","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.7633","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.76345","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.76348","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9052"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452587","reference_id":"1452587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864064","reference_id":"864064","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864064"}],"weaknesses":[{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."}],"exploits":[],"severity_range_score":"3.3 - 4.3","exploitability":"0.5","weighted_severity":"3.0","risk_score":1.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yup7-6szg-wugs"}