{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85511?format=json","vulnerability_id":"VCID-t142-dym5-nqba","summary":"harfbuzz: DoS due to GPOS and GSUB table mishandling","aliases":[{"alias":"CVE-2015-9274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924784?format=json","purl":"pkg:deb/debian/harfbuzz@1.2.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/harfbuzz@1.2.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1054424?format=json","purl":"pkg:deb/debian/harfbuzz@1.4.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/harfbuzz@1.4.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/924785?format=json","purl":"pkg:deb/debian/harfbuzz@2.7.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bw4-j3xa-d3g4"},{"vulnerability":"VCID-rjd7-a91f-vkhs"},{"vulnerability":"VCID-zzcp-hvdf-zqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/harfbuzz@2.7.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924783?format=json","purl":"pkg:deb/debian/harfbuzz@6.0.0%2Bdfsg-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rjd7-a91f-vkhs"},{"vulnerability":"VCID-zzcp-hvdf-zqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/harfbuzz@6.0.0%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924787?format=json","purl":"pkg:deb/debian/harfbuzz@10.2.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rjd7-a91f-vkhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/harfbuzz@10.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924786?format=json","purl":"pkg:deb/debian/harfbuzz@12.3.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/harfbuzz@12.3.2-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1054423?format=json","purl":"pkg:deb/debian/harfbuzz@0.9.35-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xxu-cjy5-ekdd"},{"vulnerability":"VCID-rnfc-n53j-9yfb"},{"vulnerability":"VCID-t142-dym5-nqba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/harfbuzz@0.9.35-2"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9274.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9274","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66962","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66999","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67024","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66998","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67048","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.6706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67079","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67065","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67081","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67062","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67083","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67096","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67095","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652081","reference_id":"1652081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652081"},{"reference_url":"https://usn.ubuntu.com/5746-1/","reference_id":"USN-5746-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5746-1/"}],"weaknesses":[{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."}],"exploits":[],"severity_range_score":"5.3 - 5.3","exploitability":"0.5","weighted_severity":"4.8","risk_score":2.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t142-dym5-nqba"}