Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/101701?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "libexif", "version": "0.6.25-1+deb13u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.6.26-1", "latest_non_vulnerable_version": "0.6.26-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76002?format=api", "vulnerability_id": "VCID-1hcz-pb63-xbdg", "summary": "In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0182.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65317", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65359", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0182" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0182" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852490", "reference_id": "1852490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4040", "reference_id": "RHSA-2020:4040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" }, { "reference_url": "https://usn.ubuntu.com/4396-1/", "reference_id": "USN-4396-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4396-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101715?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-0182" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hcz-pb63-xbdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75996?format=api", "vulnerability_id": "VCID-1qye-wx7e-puda", "summary": "Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02397", "scoring_system": "epss", "scoring_elements": "0.85329", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02397", "scoring_system": "epss", "scoring_elements": "0.85352", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839188", "reference_id": "839188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839188" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101709?format=api", "purl": "pkg:deb/debian/libexif@0.6.20-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2840" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qye-wx7e-puda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75988?format=api", "vulnerability_id": "VCID-22jn-mcwn-j3ax", "summary": "The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2812.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76455", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76484", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839203", "reference_id": "839203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839203" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101709?format=api", "purl": "pkg:deb/debian/libexif@0.6.20-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2812" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-22jn-mcwn-j3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75982?format=api", "vulnerability_id": "VCID-2n34-t4fw-5ycv", "summary": "Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03114", "scoring_system": "epss", "scoring_elements": "0.87073", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03114", "scoring_system": "epss", "scoring_elements": "0.87095", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0664" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617555", "reference_id": "1617555", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617555" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298464", "reference_id": "298464", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:300", "reference_id": "RHSA-2005:300", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:300" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101697?format=api", "purl": "pkg:deb/debian/libexif@0.6.9-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0664" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n34-t4fw-5ycv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5858?format=api", "vulnerability_id": "VCID-342b-qpcn-w3df", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34197", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34297", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834950", "reference_id": "1834950", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834950" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960199", "reference_id": "960199", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960199" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://security.gentoo.org/glsa/202007-05", "reference_id": "GLSA-202007-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4040", "reference_id": "RHSA-2020:4040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" }, { "reference_url": "https://usn.ubuntu.com/4358-1/", "reference_id": "USN-4358-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4358-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101717?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-12767" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-342b-qpcn-w3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75994?format=api", "vulnerability_id": "VCID-44bu-3z7v-5ydx", "summary": "The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79712", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79738", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839185", "reference_id": "839185", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839185" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101709?format=api", "purl": "pkg:deb/debian/libexif@0.6.20-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2837" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44bu-3z7v-5ydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5855?format=api", "vulnerability_id": "VCID-46rf-wxth-xbh1", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13114.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13114.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.78034", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.78062", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840350", "reference_id": "1840350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840350" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961410", "reference_id": "961410", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961410" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://security.gentoo.org/glsa/202007-05", "reference_id": "GLSA-202007-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4040", "reference_id": "RHSA-2020:4040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" }, { "reference_url": "https://usn.ubuntu.com/4396-1/", "reference_id": "USN-4396-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4396-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101718?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-13114" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46rf-wxth-xbh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5862?format=api", "vulnerability_id": "VCID-62d1-kaq2-h3d9", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63271", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63315", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494196", "reference_id": "1494196", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494196" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876466", "reference_id": "876466", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876466" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://usn.ubuntu.com/4277-1/", "reference_id": "USN-4277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4277-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101711?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7544" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62d1-kaq2-h3d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62882?format=api", "vulnerability_id": "VCID-6jqb-s4w9-y3af", "summary": "libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05281", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133922", "reference_id": "1133922", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133922" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457687", "reference_id": "2457687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457687" }, { "reference_url": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58", "reference_id": "93003b93e50b3d259bd2227d8775b73a53c35d58", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:18:42Z/" } ], "url": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20929", "reference_id": "RHSA-2026:20929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22553", "reference_id": "RHSA-2026:22553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101720?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-40385" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jqb-s4w9-y3af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76001?format=api", "vulnerability_id": "VCID-713z-wx2h-53ff", "summary": "In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09453", "scoring_system": "epss", "scoring_elements": "0.92966", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09453", "scoring_system": "epss", "scoring_elements": "0.92976", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847131", "reference_id": "1847131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847131" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962346", "reference_id": "962346", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962346" }, { "reference_url": "https://security.gentoo.org/glsa/202011-19", "reference_id": "GLSA-202011-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101713?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-0181" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-713z-wx2h-53ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75985?format=api", "vulnerability_id": "VCID-bm6g-ursf-dfh5", "summary": "libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6351.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6351.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0445", "scoring_system": "epss", "scoring_elements": "0.89251", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0445", "scoring_system": "epss", "scoring_elements": "0.89269", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=425551", "reference_id": "425551", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425551" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330", "reference_id": "457330", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330" }, { "reference_url": "https://security.gentoo.org/glsa/200712-15", "reference_id": "GLSA-200712-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200712-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1165", "reference_id": "RHSA-2007:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1165" }, { "reference_url": "https://usn.ubuntu.com/654-1/", "reference_id": "USN-654-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/654-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101706?format=api", "purl": "pkg:deb/debian/libexif@0.6.16-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.16-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6351" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bm6g-ursf-dfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5860?format=api", "vulnerability_id": "VCID-bwmt-7yhf-zugp", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9278.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9278.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03749", "scoring_system": "epss", "scoring_elements": "0.88227", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03749", "scoring_system": "epss", "scoring_elements": "0.88247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789031", "reference_id": "1789031", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789031" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945948", "reference_id": "945948", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945948" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://security.gentoo.org/glsa/202007-05", "reference_id": "GLSA-202007-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4040", "reference_id": "RHSA-2020:4040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" }, { "reference_url": "https://usn.ubuntu.com/4277-1/", "reference_id": "USN-4277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4277-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101713?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9278" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwmt-7yhf-zugp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75991?format=api", "vulnerability_id": "VCID-ceaj-6s1m-3yak", "summary": "The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02522", "scoring_system": "epss", "scoring_elements": "0.85693", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02522", "scoring_system": "epss", "scoring_elements": "0.85715", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839184", "reference_id": "839184", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839184" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101709?format=api", "purl": "pkg:deb/debian/libexif@0.6.20-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2836" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ceaj-6s1m-3yak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75986?format=api", "vulnerability_id": "VCID-ebpx-bczb-z3b2", "summary": "Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03354", "scoring_system": "epss", "scoring_elements": "0.87548", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03354", "scoring_system": "epss", "scoring_elements": "0.87569", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=425561", "reference_id": "425561", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425561" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330", "reference_id": "457330", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330" }, { "reference_url": "https://security.gentoo.org/glsa/200712-15", "reference_id": "GLSA-200712-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200712-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1165", "reference_id": "RHSA-2007:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1166", "reference_id": "RHSA-2007:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1166" }, { "reference_url": "https://usn.ubuntu.com/654-1/", "reference_id": "USN-654-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/654-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101706?format=api", "purl": "pkg:deb/debian/libexif@0.6.16-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.16-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6352" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebpx-bczb-z3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75990?format=api", "vulnerability_id": "VCID-fwj4-n4af-wued", "summary": "Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2814.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2814.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88278", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88297", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839183", "reference_id": "839183", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839183" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101709?format=api", "purl": "pkg:deb/debian/libexif@0.6.20-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2814" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwj4-n4af-wued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5861?format=api", "vulnerability_id": "VCID-g1pr-mb2d-d3aj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20030.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20030.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77319", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77348", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663878", "reference_id": "1663878", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663878" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918730", "reference_id": "918730", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918730" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://usn.ubuntu.com/4358-1/", "reference_id": "USN-4358-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4358-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101712?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-5.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-5.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20030" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1pr-mb2d-d3aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75999?format=api", "vulnerability_id": "VCID-g856-qmgw-fbca", "summary": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04256", "scoring_system": "epss", "scoring_elements": "0.88998", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04256", "scoring_system": "epss", "scoring_elements": "0.89015", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839189", "reference_id": "839189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839189" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101709?format=api", "purl": "pkg:deb/debian/libexif@0.6.20-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2841" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g856-qmgw-fbca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64897?format=api", "vulnerability_id": "VCID-huqq-ss1g-jue2", "summary": "libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32775", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00822", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131116", "reference_id": "1131116", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131116" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447881", "reference_id": "2447881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447881" }, { "reference_url": "https://github.com/libexif/libexif/issues/247", "reference_id": "247", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-16T13:45:37Z/" } ], "url": "https://github.com/libexif/libexif/issues/247" }, { "reference_url": "https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692", "reference_id": "7df372e9d31d7c993a22b913c813a5f7ec4f3692", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-16T13:45:37Z/" } ], "url": "https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101720?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huqq-ss1g-jue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75987?format=api", "vulnerability_id": "VCID-hvg9-7hrw-87a2", "summary": "Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3895.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3895.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05239", "scoring_system": "epss", "scoring_elements": "0.90135", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05239", "scoring_system": "epss", "scoring_elements": "0.90152", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3895" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557137", "reference_id": "557137", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557137" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101708?format=api", "purl": "pkg:deb/debian/libexif@0.6.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.19-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-3895" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvg9-7hrw-87a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5857?format=api", "vulnerability_id": "VCID-hyj8-tmtk-h7ds", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13112.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76978", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.77011", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840344", "reference_id": "1840344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840344" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961407", "reference_id": "961407", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961407" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://security.gentoo.org/glsa/202007-05", "reference_id": "GLSA-202007-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2474", "reference_id": "RHSA-2020:2474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2516", "reference_id": "RHSA-2020:2516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2549", "reference_id": "RHSA-2020:2549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2550", "reference_id": "RHSA-2020:2550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2672", "reference_id": "RHSA-2020:2672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2672" }, { "reference_url": "https://usn.ubuntu.com/4396-1/", "reference_id": "USN-4396-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4396-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101718?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-13112" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyj8-tmtk-h7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7110?format=api", "vulnerability_id": "VCID-j5mu-rdx7-zug2", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16284", "scoring_system": "epss", "scoring_elements": "0.94951", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16284", "scoring_system": "epss", "scoring_elements": "0.94959", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0452" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902004", "reference_id": "1902004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902004" }, { "reference_url": "https://security.archlinux.org/AVG-2376", "reference_id": "AVG-2376", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2376" }, { "reference_url": "https://security.gentoo.org/glsa/202011-19", "reference_id": "GLSA-202011-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5393", "reference_id": "RHSA-2020:5393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5394", "reference_id": "RHSA-2020:5394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5394" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5395", "reference_id": "RHSA-2020:5395", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5395" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5396", "reference_id": "RHSA-2020:5396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5402", "reference_id": "RHSA-2020:5402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5402" }, { "reference_url": "https://usn.ubuntu.com/4624-1/", "reference_id": "USN-4624-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4624-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-0452" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5mu-rdx7-zug2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62881?format=api", "vulnerability_id": "VCID-kmqk-uta9-83e7", "summary": "libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40386", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00714", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133923", "reference_id": "1133923", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133923" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457689", "reference_id": "2457689", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457689" }, { "reference_url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b", "reference_id": "dc6eac6e9655d14d0779d99e82d0f5f442d2f34b", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:18:57Z/" } ], "url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20929", "reference_id": "RHSA-2026:20929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22529", "reference_id": "RHSA-2026:22529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22553", "reference_id": "RHSA-2026:22553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101720?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-40386" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmqk-uta9-83e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5859?format=api", "vulnerability_id": "VCID-p9wb-yye6-pugf", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0093.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0093.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37354", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852487", "reference_id": "1852487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852487" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://security.gentoo.org/glsa/202007-05", "reference_id": "GLSA-202007-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4040", "reference_id": "RHSA-2020:4040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" }, { "reference_url": "https://usn.ubuntu.com/4396-1/", "reference_id": "USN-4396-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4396-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101714?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-0093" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9wb-yye6-pugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5856?format=api", "vulnerability_id": "VCID-phh9-yvjg-nygr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13113.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13113.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00708", "scoring_system": "epss", "scoring_elements": "0.72558", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00708", "scoring_system": "epss", "scoring_elements": "0.72598", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840347", "reference_id": "1840347", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840347" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409", "reference_id": "961409", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://security.gentoo.org/glsa/202007-05", "reference_id": "GLSA-202007-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4040", "reference_id": "RHSA-2020:4040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" }, { "reference_url": "https://usn.ubuntu.com/4396-1/", "reference_id": "USN-4396-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4396-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101718?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-13113" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phh9-yvjg-nygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7111?format=api", "vulnerability_id": "VCID-senj-exhy-uuek", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0198.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0198.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12017", "scoring_system": "epss", "scoring_elements": "0.93913", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12017", "scoring_system": "epss", "scoring_elements": "0.93922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0198" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0198", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0198" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847133", "reference_id": "1847133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345", "reference_id": "962345", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345" }, { "reference_url": "https://security.archlinux.org/AVG-2376", "reference_id": "AVG-2376", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2376" }, { "reference_url": "https://security.gentoo.org/glsa/202011-19", "reference_id": "GLSA-202011-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4766", "reference_id": "RHSA-2020:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4766" }, { "reference_url": "https://usn.ubuntu.com/4396-1/", "reference_id": "USN-4396-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4396-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101716?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-0198" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-senj-exhy-uuek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75989?format=api", "vulnerability_id": "VCID-v2pe-r74z-fucm", "summary": "The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2813.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76518", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76548", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839182", "reference_id": "839182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839182" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101709?format=api", "purl": "pkg:deb/debian/libexif@0.6.20-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2813" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2pe-r74z-fucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75983?format=api", "vulnerability_id": "VCID-whjm-923v-xyah", "summary": "Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4168.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07543", "scoring_system": "epss", "scoring_elements": "0.91964", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07543", "scoring_system": "epss", "scoring_elements": "0.91977", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=243888", "reference_id": "243888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243888" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430012", "reference_id": "430012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430012" }, { "reference_url": "https://security.gentoo.org/glsa/200706-09", "reference_id": "GLSA-200706-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200706-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0501", "reference_id": "RHSA-2007:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0501" }, { "reference_url": "https://usn.ubuntu.com/478-1/", "reference_id": "USN-478-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/478-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101702?format=api", "purl": "pkg:deb/debian/libexif@0.6.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-4168" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-whjm-923v-xyah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75984?format=api", "vulnerability_id": "VCID-xd62-ke4z-v3hp", "summary": "Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2645.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2645.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2645", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.3209", "scoring_system": "epss", "scoring_elements": "0.96918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.3209", "scoring_system": "epss", "scoring_elements": "0.96923", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=240055", "reference_id": "240055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240055" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424775", "reference_id": "424775", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424775" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30024.txt", "reference_id": "CVE-2007-2645;OSVDB-35978", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30024.txt" }, { "reference_url": "https://www.securityfocus.com/bid/23927/info", "reference_id": "CVE-2007-2645;OSVDB-35978", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/23927/info" }, { "reference_url": "https://security.gentoo.org/glsa/200706-01", "reference_id": "GLSA-200706-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200706-01" }, { "reference_url": "https://usn.ubuntu.com/471-1/", "reference_id": "USN-471-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/471-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101705?format=api", "purl": "pkg:deb/debian/libexif@0.6.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-2645" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xd62-ke4z-v3hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5863?format=api", "vulnerability_id": "VCID-zudh-dpue-3qba", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6328.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6328.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.6896", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366239", "reference_id": "1366239", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366239" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873022", "reference_id": "873022", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873022" }, { "reference_url": "https://security.archlinux.org/AVG-1166", "reference_id": "AVG-1166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1166" }, { "reference_url": "https://security.gentoo.org/glsa/202007-05", "reference_id": "GLSA-202007-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-05" }, { "reference_url": "https://usn.ubuntu.com/4277-1/", "reference_id": "USN-4277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4277-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101711?format=api", "purl": "pkg:deb/debian/libexif@0.6.21-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101698?format=api", "purl": "pkg:deb/debian/libexif@0.6.22-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101696?format=api", "purl": "pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101701?format=api", "purl": "pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101699?format=api", "purl": "pkg:deb/debian/libexif@0.6.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6328" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zudh-dpue-3qba" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie" }