Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-bmbk-zx7s-pqfg |
|---|
| Summary | A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
| 0 |
|
| 1 |
| url |
pkg:deb/debian/libwebp@0.4.1-1.2 |
| purl |
pkg:deb/debian/libwebp@0.4.1-1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1gzk-t5c3-4uas |
|
| 1 |
| vulnerability |
VCID-1jxb-jjv5-s3f3 |
|
| 2 |
| vulnerability |
VCID-4qdd-tn1v-dbhn |
|
| 3 |
| vulnerability |
VCID-7u2t-29ba-qud6 |
|
| 4 |
| vulnerability |
VCID-arwh-y5e1-n3au |
|
| 5 |
| vulnerability |
VCID-bmbk-zx7s-pqfg |
|
| 6 |
| vulnerability |
VCID-cpyc-ge41-87ct |
|
| 7 |
| vulnerability |
VCID-gpe5-ua5k-1yfg |
|
| 8 |
| vulnerability |
VCID-h27q-nx5u-ekha |
|
| 9 |
| vulnerability |
VCID-k669-cacz-9fcd |
|
| 10 |
| vulnerability |
VCID-kurw-rw2e-hucv |
|
| 11 |
| vulnerability |
VCID-nh8j-9hau-fyec |
|
| 12 |
| vulnerability |
VCID-rsya-kacs-gbgk |
|
| 13 |
| vulnerability |
VCID-styk-n95y-fug1 |
|
| 14 |
| vulnerability |
VCID-x39u-fccq-sbde |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.4.1-1.2 |
|
| 2 |
| url |
pkg:deb/debian/libwebp@0.5.2-1 |
| purl |
pkg:deb/debian/libwebp@0.5.2-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1gzk-t5c3-4uas |
|
| 1 |
| vulnerability |
VCID-1jxb-jjv5-s3f3 |
|
| 2 |
| vulnerability |
VCID-4qdd-tn1v-dbhn |
|
| 3 |
| vulnerability |
VCID-7u2t-29ba-qud6 |
|
| 4 |
| vulnerability |
VCID-arwh-y5e1-n3au |
|
| 5 |
| vulnerability |
VCID-bmbk-zx7s-pqfg |
|
| 6 |
| vulnerability |
VCID-gpe5-ua5k-1yfg |
|
| 7 |
| vulnerability |
VCID-h27q-nx5u-ekha |
|
| 8 |
| vulnerability |
VCID-k669-cacz-9fcd |
|
| 9 |
| vulnerability |
VCID-kurw-rw2e-hucv |
|
| 10 |
| vulnerability |
VCID-nh8j-9hau-fyec |
|
| 11 |
| vulnerability |
VCID-rsya-kacs-gbgk |
|
| 12 |
| vulnerability |
VCID-styk-n95y-fug1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.5.2-1 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
|---|
| References |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-25014 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00442 |
| scoring_system |
epss |
| scoring_elements |
0.63616 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00442 |
| scoring_system |
epss |
| scoring_elements |
0.63658 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00442 |
| scoring_system |
epss |
| scoring_elements |
0.63666 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00442 |
| scoring_system |
epss |
| scoring_elements |
0.63657 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00442 |
| scoring_system |
epss |
| scoring_elements |
0.63646 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00442 |
| scoring_system |
epss |
| scoring_elements |
0.63665 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-25014 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
|---|
| Weaknesses |
| 0 |
| cwe_id |
908 |
| name |
Use of Uninitialized Resource |
| description |
The product uses or accesses a resource that has not been initialized. |
|
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 9.8 - 9.8 |
|---|
| Exploitability | 0.5 |
|---|
| Weighted_severity | 8.8 |
|---|
| Risk_score | 4.4 |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-bmbk-zx7s-pqfg |
|---|