Package Instance

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7006.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1622
reference_id	CVE-2022-1622
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1622

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json
reference_id	CVE-2022-1622.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1622

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mh3-q3y5-qyg1

url VCID-1nme-2pjx-q7hp

vulnerability_id VCID-1nme-2pjx-q7hp

summary libtiff: NULL pointer dereference in tif_dirinfo.c

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7006.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7006

reference_id

reference_type

scores

value	0.00541
scoring_system	epss
scoring_elements	0.67664
published_at	2026-04-21T12:55:00Z

value	0.00541
scoring_system	epss
scoring_elements	0.67672
published_at	2026-04-12T12:55:00Z

value	0.00541
scoring_system	epss
scoring_elements	0.67638
published_at	2026-04-13T12:55:00Z

value	0.00541
scoring_system	epss
scoring_elements	0.67673
published_at	2026-04-16T12:55:00Z

value	0.00541
scoring_system	epss
scoring_elements	0.67685
published_at	2026-04-18T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70028
published_at	2026-04-07T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70076
published_at	2026-04-08T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70092
published_at	2026-04-09T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70115
published_at	2026-04-11T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70036
published_at	2026-04-02T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70051
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7006

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078648
reference_id	1078648
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078648

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2302996

reference_id

2302996

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2302996

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
reference_id	cpe:/a:redhat:enterprise_linux:8::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id	cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb
reference_id	cpe:/a:redhat:rhel_eus:9.2::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url

https://access.redhat.com/security/cve/CVE-2024-7006

reference_id

CVE-2024-7006

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/

url

https://access.redhat.com/security/cve/CVE-2024-7006

reference_url

https://access.redhat.com/errata/RHSA-2024:6360

reference_id

RHSA-2024:6360

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/

url

https://access.redhat.com/errata/RHSA-2024:6360

reference_url

https://access.redhat.com/errata/RHSA-2024:8833

reference_id

RHSA-2024:8833

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/

url

https://access.redhat.com/errata/RHSA-2024:8833

reference_url

https://access.redhat.com/errata/RHSA-2024:8914

reference_id

RHSA-2024:8914

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/

url

https://access.redhat.com/errata/RHSA-2024:8914

reference_url	https://usn.ubuntu.com/6997-1/
reference_id	USN-6997-1
reference_type
scores
url	https://usn.ubuntu.com/6997-1/

reference_url	https://usn.ubuntu.com/6997-2/
reference_id	USN-6997-2
reference_type
scores
url	https://usn.ubuntu.com/6997-2/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2024-7006

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nme-2pjx-q7hp

url VCID-25fx-7kmb-fqhm

vulnerability_id VCID-25fx-7kmb-fqhm

summary Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0924

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18116
published_at	2026-04-21T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18222
published_at	2026-04-09T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18226
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18179
published_at	2026-04-12T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18128
published_at	2026-04-13T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18072
published_at	2026-04-16T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18084
published_at	2026-04-18T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18082
published_at	2026-04-07T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18166
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24564
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24601
published_at	2026-04-04T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24438
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/278
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/278

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/311
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/311

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064148
reference_id	2064148
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064148

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0924
reference_id	CVE-2022-0924
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0924

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json
reference_id	CVE-2022-0924.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0924

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm

url VCID-2ds7-xq64-9ue2

vulnerability_id VCID-2ds7-xq64-9ue2

summary

NULL Pointer Dereference
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3316

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05658
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05721
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05727
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05735
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05757
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0573
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05697
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0569
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06208
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0605
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0606
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3316

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/

url

https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2216080
reference_id	2216080
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2216080

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/468

reference_id

468

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/468

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/515

reference_id

515

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/515

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-3316
reference_id	CVE-2023-3316
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-3316

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url	https://access.redhat.com/errata/RHSA-2023:6575
reference_id	RHSA-2023:6575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6575

reference_url	https://usn.ubuntu.com/6229-1/
reference_id	USN-6229-1
reference_type
scores
url	https://usn.ubuntu.com/6229-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-3316

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ds7-xq64-9ue2

url VCID-2u8w-cy3j-9fen

vulnerability_id VCID-2u8w-cy3j-9fen

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0800

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/496

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/496

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170167
reference_id	2170167
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170167

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0800
reference_id	CVE-2023-0800
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0800

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json

reference_id

CVE-2023-0800.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0800

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8w-cy3j-9fen

url VCID-3wfj-nc9t-xfgp

vulnerability_id VCID-3wfj-nc9t-xfgp

summary

Integer Overflow or Wraparound
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40745

reference_id

reference_type

scores

value	0.00281
scoring_system	epss
scoring_elements	0.51481
published_at	2026-04-21T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51503
published_at	2026-04-18T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56632
published_at	2026-04-07T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56683
published_at	2026-04-08T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56688
published_at	2026-04-09T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56696
published_at	2026-04-11T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56671
published_at	2026-04-12T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.5665
published_at	2026-04-13T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56681
published_at	2026-04-16T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56653
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40745

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2235265
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2235265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://access.redhat.com/security/cve/CVE-2023-40745
reference_id	CVE-2023-40745
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-40745

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-40745
reference_id	CVE-2023-40745
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-40745

reference_url	https://access.redhat.com/errata/RHSA-2024:2289
reference_id	RHSA-2024:2289
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2289

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-40745

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wfj-nc9t-xfgp

url VCID-44ee-ueju-ykae

vulnerability_id VCID-44ee-ueju-ykae

summary libtiff: division by zero issues in tiffcrop

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2057

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25763
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25862
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25805
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25808
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2579
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25771
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25841
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25893
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25904
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27786
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/427
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/427

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494
reference_id	1014494
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222
reference_id	2103222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2057
reference_id	CVE-2022-2057
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2057

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json
reference_id	CVE-2022-2057.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2057

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44ee-ueju-ykae

url VCID-44zu-mtmq-57cm

vulnerability_id VCID-44zu-mtmq-57cm

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0801

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/498

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/498

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170172
reference_id	2170172
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170172

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0801
reference_id	CVE-2023-0801
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0801

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json

reference_id

CVE-2023-0801.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0801

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44zu-mtmq-57cm

url VCID-48tr-y71p-7fbb

vulnerability_id VCID-48tr-y71p-7fbb

summary libtiff: Assertion fail in rotateImage() function at tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2520

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18005
published_at	2026-04-21T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17962
published_at	2026-04-16T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17973
published_at	2026-04-18T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18202
published_at	2026-04-02T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18256
published_at	2026-04-04T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17957
published_at	2026-04-07T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18043
published_at	2026-04-08T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18104
published_at	2026-04-09T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18113
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.1807
published_at	2026-04-12T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.1802
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/424
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/424

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122792
reference_id	2122792
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122792

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2520
reference_id	CVE-2022-2520
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2520

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2520

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48tr-y71p-7fbb

url VCID-4egk-vvjq-dyhw

vulnerability_id VCID-4egk-vvjq-dyhw

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0795

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/493

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/493

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170119
reference_id	2170119
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170119

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0795
reference_id	CVE-2023-0795
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0795

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json

reference_id

CVE-2023-0795.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0795

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4egk-vvjq-dyhw

url VCID-4mq7-s2p6-yufr

vulnerability_id VCID-4mq7-s2p6-yufr

summary Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0907

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.42924
published_at	2026-04-01T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42969
published_at	2026-04-21T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42985
published_at	2026-04-13T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43045
published_at	2026-04-16T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43033
published_at	2026-04-18T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42988
published_at	2026-04-02T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43015
published_at	2026-04-04T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42952
published_at	2026-04-07T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43002
published_at	2026-04-12T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43014
published_at	2026-04-09T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43036
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/392
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/392

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/314
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/314

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064143
reference_id	2064143
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064143

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0907
reference_id	CVE-2022-0907
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0907

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json
reference_id	CVE-2022-0907.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0907

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr

url VCID-4pys-mah6-hfh6

vulnerability_id VCID-4pys-mah6-hfh6

summary

Use After Free
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0799

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02715
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02816
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0273
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02737
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0274
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0276
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02731
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02712
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02692
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02702
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/494

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/494

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170162
reference_id	2170162
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170162

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0799
reference_id	CVE-2023-0799
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0799

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json

reference_id

CVE-2023-0799.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0799

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pys-mah6-hfh6

url VCID-4srx-3gbk-eqd3

vulnerability_id VCID-4srx-3gbk-eqd3

summary libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3626

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10954
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10876
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11009
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11006
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10952
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10977
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11632
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11505
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11509
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12191
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12237
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142741
reference_id	2142741
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142741

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_id

236b7191f04c60d09ee836ae13b50f812c841047

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/426

reference_id

426

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/426

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3626
reference_id	CVE-2022-3626
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3626

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json

reference_id

CVE-2022-3626.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3626

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4srx-3gbk-eqd3

url VCID-5mak-1mkk-wkdg

vulnerability_id VCID-5mak-1mkk-wkdg

summary

NULL Pointer Dereference
Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0561

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.1844
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18557
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1856
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18512
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18461
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18404
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18418
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18425
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18505
published_at	2026-04-08T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27971
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28012
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27915
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
reference_id
reference_type
scores
url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/362
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054494
reference_id	2054494
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054494

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0561
reference_id	CVE-2022-0561
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0561

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json
reference_id	CVE-2022-0561.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0561

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg

url VCID-6cry-skqu-zke9

vulnerability_id VCID-6cry-skqu-zke9

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35522

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13085
published_at	2026-04-01T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13194
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1326
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1306
published_at	2026-04-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13142
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13193
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13162
published_at	2026-04-11T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13123
published_at	2026-04-12T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13071
published_at	2026-04-13T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12973
published_at	2026-04-16T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12976
published_at	2026-04-18T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13073
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932037
reference_id	1932037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932037

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35522
reference_id	CVE-2020-35522
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35522

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35522

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cry-skqu-zke9

url VCID-6dt6-ppka-b3ct

vulnerability_id VCID-6dt6-ppka-b3ct

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26966

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07297
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07283
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07273
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07203
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07198
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07241
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0722
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07274
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07301
published_at	2026-04-09T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08031
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/530

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/530

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/473

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/473

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2218749
reference_id	2218749
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2218749

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-26966
reference_id	CVE-2023-26966
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-26966

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url	https://access.redhat.com/errata/RHSA-2023:6575
reference_id	RHSA-2023:6575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6575

reference_url	https://usn.ubuntu.com/6229-1/
reference_id	USN-6229-1
reference_type
scores
url	https://usn.ubuntu.com/6229-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-26966

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6dt6-ppka-b3ct

url VCID-6kck-g3z6-cuge

vulnerability_id VCID-6kck-g3z6-cuge

summary libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2867

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03542
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03462
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03437
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03412
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03423
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03511
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03512
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03536
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0349
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0743
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07472
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2118847
reference_id	2118847
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2118847

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2867
reference_id	CVE-2022-2867
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2867

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://usn.ubuntu.com/5604-1/
reference_id	USN-5604-1
reference_type
scores
url	https://usn.ubuntu.com/5604-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2867

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kck-g3z6-cuge

url VCID-6sb9-u71x-j7f5

vulnerability_id VCID-6sb9-u71x-j7f5

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35523

reference_id

reference_type

scores

value	0.00227
scoring_system	epss
scoring_elements	0.45566
published_at	2026-04-18T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45546
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45516
published_at	2026-04-21T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45521
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45569
published_at	2026-04-16T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4547
published_at	2026-04-07T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45525
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45527
published_at	2026-04-09T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50258
published_at	2026-04-02T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50287
published_at	2026-04-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50218
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932040
reference_id	1932040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932040

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35523
reference_id	CVE-2020-35523
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35523

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/4755-1/
reference_id	USN-4755-1
reference_type
scores
url	https://usn.ubuntu.com/4755-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35523

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sb9-u71x-j7f5

url VCID-6sx9-1yfw-63cg

vulnerability_id VCID-6sx9-1yfw-63cg

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35521

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22193
published_at	2026-04-21T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.223
published_at	2026-04-12T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22241
published_at	2026-04-13T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22245
published_at	2026-04-16T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.2224
published_at	2026-04-18T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22184
published_at	2026-04-07T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22267
published_at	2026-04-08T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22321
published_at	2026-04-09T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22341
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30312
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3036
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30283
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932034
reference_id	1932034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932034

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35521
reference_id	CVE-2020-35521
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35521

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35521

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sx9-1yfw-63cg

url VCID-6wzx-7a3m-ufhm

vulnerability_id VCID-6wzx-7a3m-ufhm

summary libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3627

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07556
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07606
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0762
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07633
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07614
published_at	2026-04-08T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.0815
published_at	2026-04-21T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08007
published_at	2026-04-16T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07992
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08413
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0836
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142742
reference_id	2142742
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142742

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_id

236b7191f04c60d09ee836ae13b50f812c841047

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/411

reference_id

411

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/411

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3627
reference_id	CVE-2022-3627
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3627

reference_url

reference_id

CVE-2022-3627.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://access.redhat.com/errata/RHSA-2023:2883
reference_id	RHSA-2023:2883
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2883

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3627

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wzx-7a3m-ufhm

url VCID-72yx-48n1-jbfs

vulnerability_id VCID-72yx-48n1-jbfs

summary

Out-of-bounds Read
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1623

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.55978
published_at	2026-04-01T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56145
published_at	2026-04-09T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56117
published_at	2026-04-13T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56151
published_at	2026-04-16T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-18T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56089
published_at	2026-04-07T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56109
published_at	2026-04-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.5614
published_at	2026-04-08T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56157
published_at	2026-04-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56133
published_at	2026-04-12T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56865
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/410
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/410

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2084260
reference_id	2084260
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2084260

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1623
reference_id	CVE-2022-1623
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1623

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json
reference_id	CVE-2022-1623.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1623

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72yx-48n1-jbfs

url VCID-76g4-kacn-7yg7

vulnerability_id VCID-76g4-kacn-7yg7

summary libtiff: Double free or corruption in rotateImage() function at tiffcrop.c

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2519

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31625
published_at	2026-04-21T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31678
published_at	2026-04-16T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31657
published_at	2026-04-18T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31775
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31819
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31638
published_at	2026-04-07T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31689
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31718
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31722
published_at	2026-04-11T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31681
published_at	2026-04-12T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31644
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/423
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/423

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122789
reference_id	2122789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122789

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2519
reference_id	CVE-2022-2519
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2519

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2519

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76g4-kacn-7yg7

url VCID-8691-q4h3-eyaf

vulnerability_id VCID-8691-q4h3-eyaf

summary libtiff: division by zero issues in tiffcrop

references

reference_url

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2058

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25763
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25862
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25805
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25808
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2579
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25771
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25841
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25893
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25904
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27786
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/428
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/428

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494
reference_id	1014494
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222
reference_id	2103222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2058
reference_id	CVE-2022-2058
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2058

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json
reference_id	CVE-2022-2058.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2058

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8691-q4h3-eyaf

url VCID-9gqh-2uat-93c7

vulnerability_id VCID-9gqh-2uat-93c7

summary

Out-of-bounds Write
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

references

reference_url

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30774

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.0605
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05899
published_at	2026-04-18T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06622
published_at	2026-04-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06671
published_at	2026-04-08T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06705
published_at	2026-04-09T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06704
published_at	2026-04-11T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06697
published_at	2026-04-12T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06688
published_at	2026-04-13T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06621
published_at	2026-04-16T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06598
published_at	2026-04-02T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06642
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30774

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2187139
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2187139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/463
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/463

reference_url	https://access.redhat.com/security/cve/CVE-2023-30774
reference_id	CVE-2023-30774
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-30774

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-30774
reference_id	CVE-2023-30774
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-30774

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-30774

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqh-2uat-93c7

url VCID-ap6w-9c6j-akdp

vulnerability_id VCID-ap6w-9c6j-akdp

summary libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2521

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31625
published_at	2026-04-21T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31678
published_at	2026-04-16T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31657
published_at	2026-04-18T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31775
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31819
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31638
published_at	2026-04-07T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31689
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31718
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31722
published_at	2026-04-11T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31681
published_at	2026-04-12T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31644
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/422
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/422

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122799
reference_id	2122799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122799

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2521
reference_id	CVE-2022-2521
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2521

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2521

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap6w-9c6j-akdp

url VCID-as9s-4ugc-ukgy

vulnerability_id VCID-as9s-4ugc-ukgy

summary Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1354

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11193
published_at	2026-04-01T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11337
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11395
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11188
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11268
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11323
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11131
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11133
published_at	2026-04-18T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11329
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11295
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11269
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16367
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/319
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/319

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074404
reference_id	2074404
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074404

reference_url

reference_id

AVG-2721

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json

reference_url	https://access.redhat.com/security/cve/CVE-2022-1354
reference_id	CVE-2022-1354
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2022-1354

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1354
reference_id	CVE-2022-1354
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1354

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1354

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as9s-4ugc-ukgy

url VCID-b33v-b6h4-cqfe

vulnerability_id VCID-b33v-b6h4-cqfe

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0804

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.04817
published_at	2026-04-02T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04959
published_at	2026-04-21T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04842
published_at	2026-04-04T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.0486
published_at	2026-04-07T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04897
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04914
published_at	2026-04-09T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04877
published_at	2026-04-12T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04858
published_at	2026-04-13T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04806
published_at	2026-04-16T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04814
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/497

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/497

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170192
reference_id	2170192
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170192

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0804
reference_id	CVE-2023-0804
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0804

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json

reference_id

CVE-2023-0804.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/

reference_url

reference_id

FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230324-0009/

reference_id

ntap-20230324-0009

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://security.netapp.com/advisory/ntap-20230324-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0804

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b33v-b6h4-cqfe

url VCID-b4hb-cxzy-suck

vulnerability_id VCID-b4hb-cxzy-suck

summary libtiff: LibTIFF Null Pointer Dereference

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-13978

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10464
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10397
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11561
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11586
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11527
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11441
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11597
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11395
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11535
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14397
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14469
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-13978

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323
reference_id	1111323
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2386059
reference_id	2386059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2386059

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4

reference_id

2ebfffb0e8836bfb1cd7d85c059cd285c59761a4

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/649

reference_id

649

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/649

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/667

reference_id

667

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/667

reference_url

https://vuldb.com/?ctiid.318355

reference_id

?ctiid.318355

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://vuldb.com/?ctiid.318355

reference_url

https://vuldb.com/?id.318355

reference_id

?id.318355

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://vuldb.com/?id.318355

reference_url

https://vuldb.com/?submit.624562

reference_id

?submit.624562

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://vuldb.com/?submit.624562

reference_url

http://www.libtiff.org/

reference_id

www.libtiff.org

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

http://www.libtiff.org/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2024-13978

risk_score 1.2

exploitability 0.5

weighted_severity 2.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4hb-cxzy-suck

url VCID-bnbg-7q6h-8uhs

vulnerability_id VCID-bnbg-7q6h-8uhs

summary

Out-of-bounds Write
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

references

reference_url

http://libtiff-release-v4-0-7.com

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

http://libtiff-release-v4-0-7.com

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30086

reference_id

reference_type

scores

value	0.00079
scoring_system	epss
scoring_elements	0.23386
published_at	2026-04-21T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23524
published_at	2026-04-02T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23416
published_at	2026-04-08T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23467
published_at	2026-04-09T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23485
published_at	2026-04-11T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23446
published_at	2026-04-12T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23391
published_at	2026-04-13T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23409
published_at	2026-04-16T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23403
published_at	2026-04-18T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23561
published_at	2026-04-04T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23344
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/538

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/538

reference_url

http://tiffcp.com

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

http://tiffcp.com

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2203650
reference_id	2203650
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2203650

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-30086
reference_id	CVE-2023-30086
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-30086

reference_url

https://security.netapp.com/advisory/ntap-20230616-0003/

reference_id

ntap-20230616-0003

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

https://security.netapp.com/advisory/ntap-20230616-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-30086

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnbg-7q6h-8uhs

url VCID-cbhv-yme7-buby

vulnerability_id VCID-cbhv-yme7-buby

summary libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-19143

reference_id

reference_type

scores

value	0.00972
scoring_system	epss
scoring_elements	0.76583
published_at	2026-04-01T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76586
published_at	2026-04-02T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76615
published_at	2026-04-04T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76596
published_at	2026-04-07T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76627
published_at	2026-04-08T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76639
published_at	2026-04-09T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76666
published_at	2026-04-11T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76645
published_at	2026-04-12T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76636
published_at	2026-04-13T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76677
published_at	2026-04-16T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76681
published_at	2026-04-18T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.7667
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-19143

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2003801
reference_id	2003801
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2003801

reference_url	https://usn.ubuntu.com/5084-1/
reference_id	USN-5084-1
reference_type
scores
url	https://usn.ubuntu.com/5084-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-19143

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbhv-yme7-buby

url VCID-cm5h-b1g9-tkg9

vulnerability_id VCID-cm5h-b1g9-tkg9

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35524

reference_id

reference_type

scores

value	0.00413
scoring_system	epss
scoring_elements	0.614
published_at	2026-04-01T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61477
published_at	2026-04-02T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61505
published_at	2026-04-04T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61475
published_at	2026-04-07T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61523
published_at	2026-04-08T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61537
published_at	2026-04-09T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61559
published_at	2026-04-11T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61546
published_at	2026-04-12T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61526
published_at	2026-04-13T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61567
published_at	2026-04-16T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61571
published_at	2026-04-18T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61556
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35524

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932044
reference_id	1932044
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932044

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35524
reference_id	CVE-2020-35524
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35524

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/4755-1/
reference_id	USN-4755-1
reference_type
scores
url	https://usn.ubuntu.com/4755-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35524

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm5h-b1g9-tkg9

url VCID-cw7d-us77-2fhv

vulnerability_id VCID-cw7d-us77-2fhv

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0796

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/499

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/499

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170146
reference_id	2170146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170146

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0796
reference_id	CVE-2023-0796
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0796

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json

reference_id

CVE-2023-0796.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0796

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cw7d-us77-2fhv

url VCID-cwen-8yyj-x3aw

vulnerability_id VCID-cwen-8yyj-x3aw

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25434

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43294
published_at	2026-04-02T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43326
published_at	2026-04-09T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43323
published_at	2026-04-04T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.4326
published_at	2026-04-07T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43312
published_at	2026-04-08T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.4661
published_at	2026-04-18T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46613
published_at	2026-04-16T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46557
published_at	2026-04-21T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46575
published_at	2026-04-11T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46547
published_at	2026-04-12T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46556
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25434

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/519

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:18:44Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/519

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2215209
reference_id	2215209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2215209

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-25434
reference_id	CVE-2023-25434
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-25434

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-25434

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwen-8yyj-x3aw

url VCID-e6c2-ajs1-abdz

vulnerability_id VCID-e6c2-ajs1-abdz

summary libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3599

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10852
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10952
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10984
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10983
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10928
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11596
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11468
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1147
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12168
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12214
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142740
reference_id	2142740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142740

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/398

reference_id

398

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/398

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3599
reference_id	CVE-2022-3599
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3599

reference_url

reference_id

CVE-2022-3599.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3599

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6c2-ajs1-abdz

url VCID-gmhp-4yx2-gfbv

vulnerability_id VCID-gmhp-4yx2-gfbv

summary Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0909

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42396
published_at	2026-04-01T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42405
published_at	2026-04-21T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42451
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42501
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42476
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42467
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42497
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42435
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42486
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42495
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42518
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42481
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/393
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/393

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/310
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/310

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064146
reference_id	2064146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064146

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0909
reference_id	CVE-2022-0909
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0909

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json
reference_id	CVE-2022-0909.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0909

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv

url VCID-h6gn-kv5x-bbd5

vulnerability_id VCID-h6gn-kv5x-bbd5

summary

Out-of-bounds Write
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0891

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08006
published_at	2026-04-01T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08185
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08136
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08041
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08026
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08105
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08148
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08097
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08157
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08179
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08172
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08153
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
reference_id
reference_type
scores
url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/380
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/380

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/382
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/382

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064411
reference_id	2064411
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064411

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0891
reference_id	CVE-2022-0891
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0891

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
reference_id	CVE-2022-0891.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0891

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5

url VCID-jdv4-3mf6-93hm

vulnerability_id VCID-jdv4-3mf6-93hm

summary libtiff: integer overflow in function TIFFReadRGBATileExt of the file

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3970

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26732
published_at	2026-04-21T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26891
published_at	2026-04-11T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26847
published_at	2026-04-12T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2679
published_at	2026-04-13T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26798
published_at	2026-04-16T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2677
published_at	2026-04-18T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28816
published_at	2026-04-04T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28727
published_at	2026-04-09T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28688
published_at	2026-04-08T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28622
published_at	2026-04-07T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29854
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737
reference_id	1024737
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2148918
reference_id	2148918
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2148918

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

reference_id

227500897dfb07fb7d27f7aa570050e62617e3be

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3970
reference_id	CVE-2022-3970
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3970

reference_url

reference_id

detail?id=53137

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

reference_url

https://oss-fuzz.com/download?testcase_id=5738253143900160

reference_id

download?testcase_id=5738253143900160

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://oss-fuzz.com/download?testcase_id=5738253143900160

reference_url

https://support.apple.com/kb/HT213841

reference_id

HT213841

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://support.apple.com/kb/HT213841

reference_url

https://support.apple.com/kb/HT213843

reference_id

HT213843

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://support.apple.com/kb/HT213843

reference_url

https://vuldb.com/?id.213549

reference_id

?id.213549

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://vuldb.com/?id.213549

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20221215-0009/

reference_id

ntap-20221215-0009

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://security.netapp.com/advisory/ntap-20221215-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://access.redhat.com/errata/RHSA-2023:2883
reference_id	RHSA-2023:2883
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2883

reference_url	https://usn.ubuntu.com/5743-1/
reference_id	USN-5743-1
reference_type
scores
url	https://usn.ubuntu.com/5743-1/

reference_url	https://usn.ubuntu.com/5743-2/
reference_id	USN-5743-2
reference_type
scores
url	https://usn.ubuntu.com/5743-2/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3970

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdv4-3mf6-93hm

url VCID-ju1t-bhyh-v7du

vulnerability_id VCID-ju1t-bhyh-v7du

summary

Out-of-bounds Write
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-48281

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01153
published_at	2026-04-21T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01091
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01093
published_at	2026-04-04T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01099
published_at	2026-04-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01104
published_at	2026-04-08T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01105
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01089
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01082
published_at	2026-04-12T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01084
published_at	2026-04-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01077
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01087
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-48281

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/488

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/488

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html

reference_url

https://www.debian.org/security/2023/dsa-5333

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://www.debian.org/security/2023/dsa-5333

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653
reference_id	1029653
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2163606
reference_id	2163606
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2163606

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-48281
reference_id	CVE-2022-48281
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-48281

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://security.netapp.com/advisory/ntap-20230302-0004/

reference_url

reference_id

ntap-20230302-0004

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://security.netapp.com/advisory/ntap-20230302-0004/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:3827
reference_id	RHSA-2023:3827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3827

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-48281

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ju1t-bhyh-v7du

url VCID-k8kt-55y9-qyac

vulnerability_id VCID-k8kt-55y9-qyac

summary

NULL Pointer Dereference
A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2908

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.0239
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02312
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02318
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02314
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02317
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02339
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02321
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02307
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02305
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02289
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02294
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2908

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2218830

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2218830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/479

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/479

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-2908

reference_id

CVE-2023-2908

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://access.redhat.com/security/cve/CVE-2023-2908

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-2908
reference_id	CVE-2023-2908
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-2908

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url

https://security.netapp.com/advisory/ntap-20230731-0004/

reference_id

ntap-20230731-0004

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://security.netapp.com/advisory/ntap-20230731-0004/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-2908

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8kt-55y9-qyac

url VCID-kpq7-5vsv-pucy

vulnerability_id VCID-kpq7-5vsv-pucy

summary

NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0908

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10543
published_at	2026-04-01T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10703
published_at	2026-04-21T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10696
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10558
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10575
published_at	2026-04-18T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10687
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1075
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10609
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10682
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10737
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10752
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1072
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/383
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/383

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064145
reference_id	2064145
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064145

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0908
reference_id	CVE-2022-0908
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0908

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json
reference_id	CVE-2022-0908.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0908

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy

url VCID-mhwh-tsst-cfaj

vulnerability_id VCID-mhwh-tsst-cfaj

summary

Out-of-bounds Read
LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22844

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18352
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18367
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18312
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18325
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18569
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18623
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18331
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18414
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18466
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18418
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/355
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/355

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/287
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2042603
reference_id	2042603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2042603

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22844
reference_id	CVE-2022-22844
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22844

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-22844

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj

url VCID-n3ta-dm1y-gya5

vulnerability_id VCID-n3ta-dm1y-gya5

summary libtiff: Libtiff Write-What-Where

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9900

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10902
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10838
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1073
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10695
published_at	2026-04-18T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10679
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10819
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10844
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10876
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10863
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10806
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12031
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2392784

reference_id

2392784

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2392784

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/704

reference_id

704

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/704

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/732

reference_id

732

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/732

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9
reference_id	cpe:/a:redhat:ai_inference_server:3.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
reference_id	cpe:/a:redhat:discovery:2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
reference_id	cpe:/a:redhat:enterprise_linux:8::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id	cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb
reference_id	cpe:/a:redhat:rhel_eus:9.4::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1
reference_id	cpe:/o:redhat:enterprise_linux:10.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url

https://access.redhat.com/security/cve/CVE-2025-9900

reference_id

CVE-2025-9900

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/security/cve/CVE-2025-9900

reference_url

https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file

reference_id

LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file

reference_url

https://access.redhat.com/errata/RHSA-2025:17651

reference_id

RHSA-2025:17651

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17651

reference_url

https://access.redhat.com/errata/RHSA-2025:17675

reference_id

RHSA-2025:17675

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17675

reference_url

https://access.redhat.com/errata/RHSA-2025:17710

reference_id

RHSA-2025:17710

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17710

reference_url

https://access.redhat.com/errata/RHSA-2025:17738

reference_id

RHSA-2025:17738

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17738

reference_url

https://access.redhat.com/errata/RHSA-2025:17739

reference_id

RHSA-2025:17739

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17739

reference_url

https://access.redhat.com/errata/RHSA-2025:17740

reference_id

RHSA-2025:17740

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17740

reference_url

https://access.redhat.com/errata/RHSA-2025:19113

reference_id

RHSA-2025:19113

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19113

reference_url

https://access.redhat.com/errata/RHSA-2025:19156

reference_id

RHSA-2025:19156

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19156

reference_url

https://access.redhat.com/errata/RHSA-2025:19276

reference_id

RHSA-2025:19276

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19276

reference_url

https://access.redhat.com/errata/RHSA-2025:19906

reference_id

RHSA-2025:19906

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19906

reference_url

https://access.redhat.com/errata/RHSA-2025:19947

reference_id

RHSA-2025:19947

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19947

reference_url

https://access.redhat.com/errata/RHSA-2025:20956

reference_id

RHSA-2025:20956

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:20956

reference_url

https://access.redhat.com/errata/RHSA-2025:20998

reference_id

RHSA-2025:20998

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:20998

reference_url

https://access.redhat.com/errata/RHSA-2025:21060

reference_id

RHSA-2025:21060

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21060

reference_url

https://access.redhat.com/errata/RHSA-2025:21061

reference_id

RHSA-2025:21061

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21061

reference_url

https://access.redhat.com/errata/RHSA-2025:21062

reference_id

RHSA-2025:21062

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21062

reference_url

https://access.redhat.com/errata/RHSA-2025:21407

reference_id

RHSA-2025:21407

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21407

reference_url

https://access.redhat.com/errata/RHSA-2025:21506

reference_id

RHSA-2025:21506

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21506

reference_url

https://access.redhat.com/errata/RHSA-2025:21507

reference_id

RHSA-2025:21507

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21507

reference_url

https://access.redhat.com/errata/RHSA-2025:21508

reference_id

RHSA-2025:21508

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21508

reference_url

reference_id

RHSA-2025:21994

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2025:23078

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2025:23079

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2025:23080

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0001

reference_url

reference_id

RHSA-2026:0001

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0001

reference_url

https://access.redhat.com/errata/RHSA-2026:0076

reference_id

RHSA-2026:0076

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0076

reference_url

https://access.redhat.com/errata/RHSA-2026:0077

reference_id

RHSA-2026:0077

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0077

reference_url

https://access.redhat.com/errata/RHSA-2026:0078

reference_id

RHSA-2026:0078

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0078

reference_url

reference_id

RHSA-2026:3461

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2026:3462

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:7504

reference_url

reference_id

RHSA-2026:7504

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:7504

reference_url	https://usn.ubuntu.com/7783-1/
reference_id	USN-7783-1
reference_type
scores
url	https://usn.ubuntu.com/7783-1/

reference_url

https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html

reference_id

v4.7.1.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2025-9900

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3ta-dm1y-gya5

url VCID-ndwc-beev-43ck

vulnerability_id VCID-ndwc-beev-43ck

summary

Out-of-bounds Write
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26965

reference_id

reference_type

scores

value	8e-05
scoring_system	epss
scoring_elements	0.00733
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0073
published_at	2026-04-04T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00736
published_at	2026-04-07T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00735
published_at	2026-04-08T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00726
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00844
published_at	2026-04-21T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00796
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00801
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00795
published_at	2026-04-16T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.008
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/472

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/472

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2215206
reference_id	2215206
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2215206

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-26965
reference_id	CVE-2023-26965
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-26965

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url

https://security.netapp.com/advisory/ntap-20230706-0009/

reference_id

ntap-20230706-0009

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/

url

https://security.netapp.com/advisory/ntap-20230706-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:6575
reference_id	RHSA-2023:6575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6575

reference_url	https://usn.ubuntu.com/6229-1/
reference_id	USN-6229-1
reference_type
scores
url	https://usn.ubuntu.com/6229-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-26965

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwc-beev-43ck

url VCID-pkdx-ktz1-mbbg

vulnerability_id VCID-pkdx-ktz1-mbbg

summary

Missing Release of Memory after Effective Lifetime
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3576

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05679
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05721
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05715
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05754
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05781
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0575
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05745
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.057
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05758
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06185
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06335
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3576

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219340
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219340

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://access.redhat.com/security/cve/CVE-2023-3576
reference_id	CVE-2023-3576
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-3576

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-3576
reference_id	CVE-2023-3576
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-3576

reference_url	https://access.redhat.com/errata/RHSA-2023:6575
reference_id	RHSA-2023:6575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6575

reference_url	https://usn.ubuntu.com/6512-1/
reference_id	USN-6512-1
reference_type
scores
url	https://usn.ubuntu.com/6512-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-3576

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkdx-ktz1-mbbg

url VCID-pnpt-r4ke-fufh

vulnerability_id VCID-pnpt-r4ke-fufh

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0803

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/501

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/501

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170187
reference_id	2170187
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170187

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0803
reference_id	CVE-2023-0803
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0803

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json

reference_id

CVE-2023-0803.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0803

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnpt-r4ke-fufh

url VCID-qsrb-hf2u-tudp

vulnerability_id VCID-qsrb-hf2u-tudp

summary

NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09625
published_at	2026-04-21T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09618
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09626
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09596
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0958
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09473
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09477
published_at	2026-04-18T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09497
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09571
published_at	2026-04-08T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17853
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17906
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17693
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/362
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495
reference_id	2054495
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562
reference_id	CVE-2022-0562
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json
reference_id	CVE-2022-0562.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0562

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp

url VCID-rmap-8g2y-abdc

vulnerability_id VCID-rmap-8g2y-abdc

summary libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3598

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11913
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11827
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11854
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11893
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11882
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1183
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11959
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11747
published_at	2026-04-07T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12548
published_at	2026-04-21T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1243
published_at	2026-04-16T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12434
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142738
reference_id	2142738
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142738

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/435

reference_id

435

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/435

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff

reference_id

cfbb883bf6ea7bedcb04177cc4e52d304522fdff

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3598
reference_id	CVE-2022-3598
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3598

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json

reference_id

CVE-2022-3598.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5705-1/
reference_id	USN-5705-1
reference_type
scores
url	https://usn.ubuntu.com/5705-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3598

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmap-8g2y-abdc

url VCID-ruhz-ty5e-nkgr

vulnerability_id VCID-ruhz-ty5e-nkgr

summary libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2869

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.06826
published_at	2026-04-21T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06749
published_at	2026-04-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06669
published_at	2026-04-18T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06652
published_at	2026-04-02T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06696
published_at	2026-04-04T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06679
published_at	2026-04-16T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06729
published_at	2026-04-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06762
published_at	2026-04-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06763
published_at	2026-04-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06755
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2118869
reference_id	2118869
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2118869

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2869
reference_id	CVE-2022-2869
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2869

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://usn.ubuntu.com/5604-1/
reference_id	USN-5604-1
reference_type
scores
url	https://usn.ubuntu.com/5604-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2869

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ruhz-ty5e-nkgr

url VCID-s95z-s4sd-cffs

vulnerability_id VCID-s95z-s4sd-cffs

summary libtiff: division by zero issues in tiffcrop

references

reference_url

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2056

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25763
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25862
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25805
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25808
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2579
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25771
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25841
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25893
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25904
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27786
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/415
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/415

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494
reference_id	1014494
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222
reference_id	2103222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2056
reference_id	CVE-2022-2056
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2056

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json
reference_id	CVE-2022-2056.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2056

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s95z-s4sd-cffs

url VCID-tddn-m5ke-euas

vulnerability_id VCID-tddn-m5ke-euas

summary libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34526

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42403
published_at	2026-04-21T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42499
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42474
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42465
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42495
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42433
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42484
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42493
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42516
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42479
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42449
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/433
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/433

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112756
reference_id	2112756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112756

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-34526
reference_id	CVE-2022-34526
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-34526

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-34526

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tddn-m5ke-euas

url VCID-tfyj-y9q3-t3ar

vulnerability_id VCID-tfyj-y9q3-t3ar

summary libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2953

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04434
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04346
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04325
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04297
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04305
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04318
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04351
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04366
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04359
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0764
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07683
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/414
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/414

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2134432
reference_id	2134432
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2134432

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2953
reference_id	CVE-2022-2953
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2953

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json
reference_id	CVE-2022-2953.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2953

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyj-y9q3-t3ar

url VCID-tg7w-mbkg-7uhj

vulnerability_id VCID-tg7w-mbkg-7uhj

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0798

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/492

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/492

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170157
reference_id	2170157
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170157

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0798
reference_id	CVE-2023-0798
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0798

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json

reference_id

CVE-2023-0798.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0798

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7w-mbkg-7uhj

url VCID-tgf9-ax81-fub4

vulnerability_id VCID-tgf9-ax81-fub4

summary libtiff: heap Buffer overflows in tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3570

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00645
published_at	2026-04-21T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00603
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00597
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.0062
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00612
published_at	2026-04-04T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00614
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00613
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00607
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00605
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00602
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/381
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/381

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/386
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/386

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142734
reference_id	2142734
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142734

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3570
reference_id	CVE-2022-3570
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3570

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json
reference_id	CVE-2022-3570.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5705-1/
reference_id	USN-5705-1
reference_type
scores
url	https://usn.ubuntu.com/5705-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3570

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgf9-ax81-fub4

url VCID-ttb7-w41r-4kfn

vulnerability_id VCID-ttb7-w41r-4kfn

summary libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4775

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09462
published_at	2026-04-21T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.24038
published_at	2026-04-02T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23989
published_at	2026-04-11T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23945
published_at	2026-04-12T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23888
published_at	2026-04-13T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23898
published_at	2026-04-16T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.24077
published_at	2026-04-04T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23859
published_at	2026-04-07T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23926
published_at	2026-04-08T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23972
published_at	2026-04-09T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26266
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632
reference_id	1132632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2450768

reference_id

2450768

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2450768

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2026-4775

reference_id

CVE-2026-4775

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/

url

https://access.redhat.com/security/cve/CVE-2026-4775

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
purl	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2

url	pkg:deb/debian/tiff@4.7.1-2
purl	pkg:deb/debian/tiff@4.7.1-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2

aliases CVE-2026-4775

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb7-w41r-4kfn

url VCID-ua38-ur2u-eues

vulnerability_id VCID-ua38-ur2u-eues

summary

Out-of-bounds Write
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-52356

reference_id

reference_type

scores

value	0.00616
scoring_system	epss
scoring_elements	0.69868
published_at	2026-04-02T12:55:00Z

value	0.00717
scoring_system	epss
scoring_elements	0.72436
published_at	2026-04-18T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72823
published_at	2026-04-13T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72795
published_at	2026-04-04T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72771
published_at	2026-04-07T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.7281
published_at	2026-04-08T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72824
published_at	2026-04-09T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72848
published_at	2026-04-11T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72831
published_at	2026-04-12T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72864
published_at	2026-04-16T12:55:00Z

value	0.00849
scoring_system	epss
scoring_elements	0.74896
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-52356

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251344

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251344

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/622

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/622

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/546

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/546

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524
reference_id	1061524
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9
reference_id	cpe:/a:redhat:ai_inference_server:3.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9
reference_id	cpe:/a:redhat:ai_inference_server:3.3::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
reference_id	cpe:/a:redhat:discovery:2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
reference_id	cpe:/a:redhat:enterprise_linux:8::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id	cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb
reference_id	cpe:/a:redhat:rhel_eus:9.6::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1
reference_id	cpe:/o:redhat:enterprise_linux:10.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0
reference_id	cpe:/o:redhat:enterprise_linux_eus:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0

reference_url

https://access.redhat.com/security/cve/CVE-2023-52356

reference_id

CVE-2023-52356

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/security/cve/CVE-2023-52356

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52356
reference_id	CVE-2023-52356
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52356

reference_url

https://access.redhat.com/errata/RHSA-2024:5079

reference_id

RHSA-2024:5079

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2024:5079

reference_url

https://access.redhat.com/errata/RHSA-2025:20801

reference_id

RHSA-2025:20801

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2025:20801

reference_url

reference_id

RHSA-2025:21994

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2025:23078

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2025:23079

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2025:23080

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2026:3461

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2026:3462

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:5958

reference_url

reference_id

RHSA-2026:5958

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:5958

reference_url

https://access.redhat.com/errata/RHSA-2026:7081

reference_id

RHSA-2026:7081

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:7081

reference_url

https://access.redhat.com/errata/RHSA-2026:7304

reference_id

RHSA-2026:7304

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:7304

reference_url

https://access.redhat.com/errata/RHSA-2026:7335

reference_id

RHSA-2026:7335

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:7335

reference_url

https://access.redhat.com/errata/RHSA-2026:8746

reference_id

RHSA-2026:8746

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:8746

reference_url

https://access.redhat.com/errata/RHSA-2026:8747

reference_id

RHSA-2026:8747

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:8747

reference_url

https://access.redhat.com/errata/RHSA-2026:8748

reference_id

RHSA-2026:8748

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://usn.ubuntu.com/6644-1/
reference_id	USN-6644-1
reference_type
scores
url	https://usn.ubuntu.com/6644-1/

reference_url	https://usn.ubuntu.com/6644-2/
reference_id	USN-6644-2
reference_type
scores
url	https://usn.ubuntu.com/6644-2/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-52356

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ua38-ur2u-eues

url VCID-ucr1-vp5p-jqck

vulnerability_id VCID-ucr1-vp5p-jqck

summary Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1355

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.15516
published_at	2026-04-04T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15406
published_at	2026-04-01T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15447
published_at	2026-04-02T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17135
published_at	2026-04-09T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16989
published_at	2026-04-07T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17079
published_at	2026-04-08T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16937
published_at	2026-04-16T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16938
published_at	2026-04-18T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17111
published_at	2026-04-11T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17064
published_at	2026-04-12T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17002
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22674
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/400
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/400

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/323
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/323

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160
reference_id	1011160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074415
reference_id	2074415
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074415

reference_url

reference_id

AVG-2721

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json

reference_url	https://access.redhat.com/security/cve/CVE-2022-1355
reference_id	CVE-2022-1355
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2022-1355

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1355
reference_id	CVE-2022-1355
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1355

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1355

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucr1-vp5p-jqck

url VCID-v4rx-c1w4-pbb3

vulnerability_id VCID-v4rx-c1w4-pbb3

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3618

reference_id

reference_type

scores

value	0.00215
scoring_system	epss
scoring_elements	0.43964
published_at	2026-04-21T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44003
published_at	2026-04-02T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44026
published_at	2026-04-04T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43957
published_at	2026-04-07T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44008
published_at	2026-04-08T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.4401
published_at	2026-04-09T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44025
published_at	2026-04-11T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43993
published_at	2026-04-12T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43977
published_at	2026-04-13T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44039
published_at	2026-04-16T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.4403
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3618

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2215865

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2215865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945
reference_id	1040945
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-3618

reference_id

CVE-2023-3618

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://access.redhat.com/security/cve/CVE-2023-3618

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-3618
reference_id	CVE-2023-3618
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-3618

reference_url

https://support.apple.com/kb/HT214036

reference_id

HT214036

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://support.apple.com/kb/HT214036

reference_url

https://support.apple.com/kb/HT214037

reference_id

HT214037

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://support.apple.com/kb/HT214037

reference_url

https://support.apple.com/kb/HT214038

reference_id

HT214038

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://support.apple.com/kb/HT214038

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url

https://security.netapp.com/advisory/ntap-20230824-0012/

reference_id

ntap-20230824-0012

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://security.netapp.com/advisory/ntap-20230824-0012/

reference_url	https://access.redhat.com/errata/RHSA-2024:2289
reference_id	RHSA-2024:2289
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2289

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-3618

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4rx-c1w4-pbb3

url VCID-vu6r-464p-4ue3

vulnerability_id VCID-vu6r-464p-4ue3

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4645

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01862
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01921
published_at	2026-04-21T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01874
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01877
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01891
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01876
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01861
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01856
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01839
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01837
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/277

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/277

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2176220
reference_id	2176220
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2176220

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/

reference_id

2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/

reference_id

BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-4645
reference_id	CVE-2022-4645
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-4645

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json

reference_id

CVE-2022-4645.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json

reference_url

https://security.netapp.com/advisory/ntap-20230331-0001/

reference_id

ntap-20230331-0001

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://security.netapp.com/advisory/ntap-20230331-0001/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/

reference_id

OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://access.redhat.com/errata/RHSA-2024:3059
reference_id	RHSA-2024:3059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3059

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-4645

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vu6r-464p-4ue3

url VCID-vzr7-wz88-h7gx

vulnerability_id VCID-vzr7-wz88-h7gx

summary libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2868

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03458
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03374
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03351
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03328
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0334
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03416
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03419
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03441
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03402
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07279
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07322
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2118863
reference_id	2118863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2118863

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2868
reference_id	CVE-2022-2868
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2868

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://usn.ubuntu.com/5604-1/
reference_id	USN-5604-1
reference_type
scores
url	https://usn.ubuntu.com/5604-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2868

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzr7-wz88-h7gx

url VCID-wza2-4rcj-hkcd

vulnerability_id VCID-wza2-4rcj-hkcd

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0797

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/495

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/495

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170151
reference_id	2170151
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170151

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0797
reference_id	CVE-2023-0797
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0797

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json

reference_id

CVE-2023-0797.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0797

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wza2-4rcj-hkcd

url VCID-x9xf-wuyn-6ffg

vulnerability_id VCID-x9xf-wuyn-6ffg

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0802

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/500

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/500

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170178
reference_id	2170178
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170178

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0802
reference_id	CVE-2023-0802
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0802

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json

reference_id

CVE-2023-0802.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0802

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9xf-wuyn-6ffg

url VCID-xmwn-vxux-h7g3

vulnerability_id VCID-xmwn-vxux-h7g3

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25435

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09455
published_at	2026-04-02T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09491
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09504
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09417
published_at	2026-04-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14206
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.1415
published_at	2026-04-13T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.1404
published_at	2026-04-16T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14299
published_at	2026-04-09T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14245
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1629
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16323
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/518

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T19:11:03Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/518

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2216614
reference_id	2216614
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2216614

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-25435
reference_id	CVE-2023-25435
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-25435

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-25435

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwn-vxux-h7g3

url VCID-z1vf-mhw2-ducs

vulnerability_id VCID-z1vf-mhw2-ducs

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25433

reference_id

reference_type

scores

value	0.00024
scoring_system	epss
scoring_elements	0.06633
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07202
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07209
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07204
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07247
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07226
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0728
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07307
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07302
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07289
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25433

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/520

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/520

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/467

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/467

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2218744
reference_id	2218744
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2218744

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-25433
reference_id	CVE-2023-25433
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-25433

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url	https://access.redhat.com/errata/RHSA-2024:5079
reference_id	RHSA-2024:5079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5079

reference_url	https://usn.ubuntu.com/6229-1/
reference_id	USN-6229-1
reference_type
scores
url	https://usn.ubuntu.com/6229-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-25433

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1vf-mhw2-ducs

url VCID-zedn-437q-47b2

vulnerability_id VCID-zedn-437q-47b2

summary Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0865

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10258
published_at	2026-04-01T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10413
published_at	2026-04-21T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10441
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1031
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10282
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10378
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10446
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1033
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10403
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10466
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10496
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10463
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/385
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/385

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/306
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/306

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064406
reference_id	2064406
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064406

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0865
reference_id	CVE-2022-0865
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0865

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json
reference_id	CVE-2022-0865.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0865

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zedn-437q-47b2

url VCID-zwbu-yezc-4yck

vulnerability_id VCID-zwbu-yezc-4yck

summary libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3597

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07556
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07606
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0762
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07633
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07614
published_at	2026-04-08T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.0815
published_at	2026-04-21T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08007
published_at	2026-04-16T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07992
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0836
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08413
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142736
reference_id	2142736
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142736

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_id

236b7191f04c60d09ee836ae13b50f812c841047

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/413

reference_id

413

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/413

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3597
reference_id	CVE-2022-3597
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3597

reference_url

reference_id

CVE-2022-3597.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3597

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwbu-yezc-4yck

Fixing_vulnerabilities

url VCID-1asc-7axg-6ben

vulnerability_id VCID-1asc-7axg-6ben

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15209.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15209.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-15209

reference_id

reference_type

scores

value	0.00628
scoring_system	epss
scoring_elements	0.70176
published_at	2026-04-01T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70188
published_at	2026-04-02T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70205
published_at	2026-04-04T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70182
published_at	2026-04-07T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70228
published_at	2026-04-08T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70243
published_at	2026-04-09T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70266
published_at	2026-04-11T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70251
published_at	2026-04-12T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70238
published_at	2026-04-13T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.7028
published_at	2026-04-16T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70289
published_at	2026-04-18T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.7027
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1614051
reference_id	1614051
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1614051

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905798
reference_id	905798
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905798

reference_url	https://access.redhat.com/errata/RHSA-2024:5079
reference_id	RHSA-2024:5079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5079

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-15209

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1asc-7axg-6ben

url VCID-1csm-m3wq-tbck

vulnerability_id VCID-1csm-m3wq-tbck

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11335.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11335.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-11335

reference_id

reference_type

scores

value	0.01374
scoring_system	epss
scoring_elements	0.80186
published_at	2026-04-01T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80274
published_at	2026-04-21T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80269
published_at	2026-04-16T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80271
published_at	2026-04-18T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80194
published_at	2026-04-02T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80214
published_at	2026-04-04T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80203
published_at	2026-04-07T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80231
published_at	2026-04-08T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80241
published_at	2026-04-09T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80259
published_at	2026-04-11T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80245
published_at	2026-04-12T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80239
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-11335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1474356
reference_id	1474356
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1474356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868513
reference_id	868513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868513

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-11335

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1csm-m3wq-tbck

url VCID-1rsr-q1uf-ekav

vulnerability_id VCID-1rsr-q1uf-ekav

summary security update

references

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2770
reference_id
reference_type
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2770

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18013.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18013

reference_id

reference_type

scores

value	0.0027
scoring_system	epss
scoring_elements	0.50492
published_at	2026-04-21T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50416
published_at	2026-04-07T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.5047
published_at	2026-04-08T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50463
published_at	2026-04-09T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50505
published_at	2026-04-11T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50482
published_at	2026-04-12T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50467
published_at	2026-04-13T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.5051
published_at	2026-04-16T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50515
published_at	2026-04-18T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60153
published_at	2026-04-02T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60075
published_at	2026-04-01T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60178
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01

reference_url	https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html

reference_url	https://www.debian.org/security/2018/dsa-4100
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4100

reference_url	http://www.securityfocus.com/bid/102345
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102345

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1530440
reference_id	1530440
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1530440

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885985
reference_id	885985
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885985

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-813

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18013

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*
reference_id	cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*

reference_url

reference_id

CVE-2017-18013

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18013

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

reference_url	https://usn.ubuntu.com/3606-1/
reference_id	USN-3606-1
reference_type
scores
url	https://usn.ubuntu.com/3606-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-18013

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rsr-q1uf-ekav

url VCID-25fx-7kmb-fqhm

vulnerability_id VCID-25fx-7kmb-fqhm

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0924

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18116
published_at	2026-04-21T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18222
published_at	2026-04-09T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18226
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18179
published_at	2026-04-12T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18128
published_at	2026-04-13T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18072
published_at	2026-04-16T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18084
published_at	2026-04-18T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18082
published_at	2026-04-07T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18166
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24564
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24601
published_at	2026-04-04T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24438
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/278
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/278

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/311
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/311

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064148
reference_id	2064148
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064148

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19144.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0924
reference_id	CVE-2022-0924
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0924

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json
reference_id	CVE-2022-0924.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0924

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm

url VCID-39ee-trms-qkes

vulnerability_id VCID-39ee-trms-qkes

summary libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19144.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-19144

reference_id

reference_type

scores

value	0.01504
scoring_system	epss
scoring_elements	0.81099
published_at	2026-04-01T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81108
published_at	2026-04-02T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81133
published_at	2026-04-04T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81131
published_at	2026-04-07T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81159
published_at	2026-04-08T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81165
published_at	2026-04-09T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81184
published_at	2026-04-11T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81171
published_at	2026-04-12T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81164
published_at	2026-04-13T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81201
published_at	2026-04-16T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.81202
published_at	2026-04-18T12:55:00Z

value	0.01504
scoring_system	epss
scoring_elements	0.812
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-19144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19144

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2003799
reference_id	2003799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2003799

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2020-19144

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39ee-trms-qkes

url VCID-45zg-bst2-byff

vulnerability_id VCID-45zg-bst2-byff

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10688.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10688.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-10688

reference_id

reference_type

scores

value	0.06845
scoring_system	epss
scoring_elements	0.91305
published_at	2026-04-01T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91379
published_at	2026-04-18T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91355
published_at	2026-04-13T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91381
published_at	2026-04-21T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91309
published_at	2026-04-02T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.9132
published_at	2026-04-04T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91327
published_at	2026-04-07T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91339
published_at	2026-04-08T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91346
published_at	2026-04-09T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91353
published_at	2026-04-11T12:55:00Z

value	0.06845
scoring_system	epss
scoring_elements	0.91356
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-10688

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1470241
reference_id	1470241
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1470241

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866611
reference_id	866611
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866611

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2712
reference_id	CVE-2017-10688
reference_type	exploit
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2712

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42299.txt
reference_id	CVE-2017-10688
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42299.txt

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-10688

risk_score 6.0

exploitability 2.0

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45zg-bst2-byff

url VCID-4mq7-s2p6-yufr

vulnerability_id VCID-4mq7-s2p6-yufr

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0907

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.42924
published_at	2026-04-01T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42969
published_at	2026-04-21T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42985
published_at	2026-04-13T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43045
published_at	2026-04-16T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43033
published_at	2026-04-18T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42988
published_at	2026-04-02T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43015
published_at	2026-04-04T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42952
published_at	2026-04-07T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43002
published_at	2026-04-12T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43014
published_at	2026-04-09T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43036
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/392
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/392

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/314
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/314

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064143
reference_id	2064143
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064143

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18557.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0907
reference_id	CVE-2022-0907
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0907

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json
reference_id	CVE-2022-0907.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0907

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr

url VCID-4n8m-6c1e-f7ba

vulnerability_id VCID-4n8m-6c1e-f7ba

summary

A vulnerability in libTIFF could lead to a Denial of Service
    condition.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18557.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18557

reference_id

reference_type

scores

value	0.24463
scoring_system	epss
scoring_elements	0.9613
published_at	2026-04-21T12:55:00Z

value	0.24463
scoring_system	epss
scoring_elements	0.9611
published_at	2026-04-09T12:55:00Z

value	0.24463
scoring_system	epss
scoring_elements	0.96112
published_at	2026-04-12T12:55:00Z

value	0.24463
scoring_system	epss
scoring_elements	0.96115
published_at	2026-04-13T12:55:00Z

value	0.24463
scoring_system	epss
scoring_elements	0.96124
published_at	2026-04-16T12:55:00Z

value	0.24463
scoring_system	epss
scoring_elements	0.96128
published_at	2026-04-18T12:55:00Z

value	0.30054
scoring_system	epss
scoring_elements	0.96652
published_at	2026-04-08T12:55:00Z

value	0.30054
scoring_system	epss
scoring_elements	0.96644
published_at	2026-04-07T12:55:00Z

value	0.32235
scoring_system	epss
scoring_elements	0.96816
published_at	2026-04-04T12:55:00Z

value	0.32235
scoring_system	epss
scoring_elements	0.96807
published_at	2026-04-01T12:55:00Z

value	0.32235
scoring_system	epss
scoring_elements	0.96814
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1644229
reference_id	1644229
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1644229

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911635
reference_id	911635
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911635

reference_url	https://security.archlinux.org/ASA-201811-17
reference_id	ASA-201811-17
reference_type
scores
url	https://security.archlinux.org/ASA-201811-17

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-790

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json

reference_url	https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
reference_id	CVE-2018-18557
reference_type	exploit
scores
url	https://bugs.chromium.org/p/project-zero/issues/detail?id=1697

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/45694.c
reference_id	CVE-2018-18557
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/45694.c

reference_url	https://security.gentoo.org/glsa/201904-15
reference_id	GLSA-201904-15
reference_type
scores
url	https://security.gentoo.org/glsa/201904-15

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://usn.ubuntu.com/3864-1/
reference_id	USN-3864-1
reference_type
scores
url	https://usn.ubuntu.com/3864-1/

reference_url	https://usn.ubuntu.com/3906-2/
reference_id	USN-3906-2
reference_type
scores
url	https://usn.ubuntu.com/3906-2/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-18557

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n8m-6c1e-f7ba

url VCID-5mak-1mkk-wkdg

vulnerability_id VCID-5mak-1mkk-wkdg

summary

NULL Pointer Dereference
Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0561

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.1844
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18557
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1856
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18512
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18461
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18404
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18418
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18425
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18505
published_at	2026-04-08T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27971
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28012
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27915
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
reference_id
reference_type
scores
url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/362
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054494
reference_id	2054494
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054494

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0561
reference_id	CVE-2022-0561
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0561

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json
reference_id	CVE-2022-0561.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0561

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg

url VCID-6sb9-u71x-j7f5

vulnerability_id VCID-6sb9-u71x-j7f5

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35523

reference_id

reference_type

scores

value	0.00227
scoring_system	epss
scoring_elements	0.45566
published_at	2026-04-18T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45546
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45516
published_at	2026-04-21T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45521
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45569
published_at	2026-04-16T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4547
published_at	2026-04-07T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45525
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45527
published_at	2026-04-09T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50258
published_at	2026-04-02T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50287
published_at	2026-04-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50218
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932040
reference_id	1932040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932040

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35523
reference_id	CVE-2020-35523
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35523

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/4755-1/
reference_id	USN-4755-1
reference_type
scores
url	https://usn.ubuntu.com/4755-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35523

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sb9-u71x-j7f5

url VCID-7jpu-rtje-mke4

vulnerability_id VCID-7jpu-rtje-mke4

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19210.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19210.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19210

reference_id

reference_type

scores

value	0.04911
scoring_system	epss
scoring_elements	0.89569
published_at	2026-04-01T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89572
published_at	2026-04-02T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89585
published_at	2026-04-07T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89602
published_at	2026-04-08T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89607
published_at	2026-04-09T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89621
published_at	2026-04-16T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89623
published_at	2026-04-18T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89615
published_at	2026-04-11T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89614
published_at	2026-04-12T12:55:00Z

value	0.04911
scoring_system	epss
scoring_elements	0.89608
published_at	2026-04-13T12:55:00Z

value	0.06297
scoring_system	epss
scoring_elements	0.90977
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1649385
reference_id	1649385
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1649385

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913675
reference_id	913675
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913675

reference_url	https://security.gentoo.org/glsa/202003-25
reference_id	GLSA-202003-25
reference_type
scores
url	https://security.gentoo.org/glsa/202003-25

reference_url	https://usn.ubuntu.com/3906-1/
reference_id	USN-3906-1
reference_type
scores
url	https://usn.ubuntu.com/3906-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-19210

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jpu-rtje-mke4

url VCID-aa6m-3c5d-hfat

vulnerability_id VCID-aa6m-3c5d-hfat

summary security update

references

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2798
reference_id
reference_type
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2798

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12900.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12900

reference_id

reference_type

scores

value	0.09894
scoring_system	epss
scoring_elements	0.92973
published_at	2026-04-01T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.93021
published_at	2026-04-21T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.93001
published_at	2026-04-13T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.93011
published_at	2026-04-16T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.93014
published_at	2026-04-18T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.92982
published_at	2026-04-02T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.92986
published_at	2026-04-04T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.92985
published_at	2026-04-07T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.92993
published_at	2026-04-08T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.92998
published_at	2026-04-09T12:55:00Z

value	0.09894
scoring_system	epss
scoring_elements	0.93003
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900
reference_id
reference_type
scores
url	https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900

reference_url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html

reference_url	https://www.debian.org/security/2020/dsa-4670
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1595575
reference_id	1595575
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1595575

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902718
reference_id	902718
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902718

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*
reference_id	cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12900

reference_id

CVE-2018-12900

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12900

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://access.redhat.com/errata/RHSA-2019:3419
reference_id	RHSA-2019:3419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3419

reference_url	https://usn.ubuntu.com/3906-1/
reference_id	USN-3906-1
reference_type
scores
url	https://usn.ubuntu.com/3906-1/

reference_url	https://usn.ubuntu.com/3906-2/
reference_id	USN-3906-2
reference_type
scores
url	https://usn.ubuntu.com/3906-2/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-12900

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aa6m-3c5d-hfat

url VCID-at8c-pabb-z3d5

vulnerability_id VCID-at8c-pabb-z3d5

summary libtiff: a buffer overflow via the "invertImage()" may lead to DoS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19131.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19131.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-19131

reference_id

reference_type

scores

value	0.0055
scoring_system	epss
scoring_elements	0.67972
published_at	2026-04-21T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67974
published_at	2026-04-12T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67939
published_at	2026-04-13T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67976
published_at	2026-04-16T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.6799
published_at	2026-04-18T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67898
published_at	2026-04-07T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67949
published_at	2026-04-08T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67963
published_at	2026-04-09T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67987
published_at	2026-04-11T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.73969
published_at	2026-04-02T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.73995
published_at	2026-04-04T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.73962
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-19131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19131

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2004031
reference_id	2004031
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2004031

reference_url	https://access.redhat.com/errata/RHSA-2022:1810
reference_id	RHSA-2022:1810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1810

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2020-19131

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at8c-pabb-z3d5

url VCID-cbhv-yme7-buby

vulnerability_id VCID-cbhv-yme7-buby

summary libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-19143

reference_id

reference_type

scores

value	0.00972
scoring_system	epss
scoring_elements	0.76583
published_at	2026-04-01T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76586
published_at	2026-04-02T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76615
published_at	2026-04-04T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76596
published_at	2026-04-07T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76627
published_at	2026-04-08T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76639
published_at	2026-04-09T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76666
published_at	2026-04-11T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76645
published_at	2026-04-12T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76636
published_at	2026-04-13T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76677
published_at	2026-04-16T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76681
published_at	2026-04-18T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.7667
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-19143

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2003801
reference_id	2003801
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2003801

reference_url	https://usn.ubuntu.com/5084-1/
reference_id	USN-5084-1
reference_type
scores
url	https://usn.ubuntu.com/5084-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-19143

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbhv-yme7-buby

url VCID-cm5h-b1g9-tkg9

vulnerability_id VCID-cm5h-b1g9-tkg9

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35524

reference_id

reference_type

scores

value	0.00413
scoring_system	epss
scoring_elements	0.614
published_at	2026-04-01T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61477
published_at	2026-04-02T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61505
published_at	2026-04-04T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61475
published_at	2026-04-07T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61523
published_at	2026-04-08T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61537
published_at	2026-04-09T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61559
published_at	2026-04-11T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61546
published_at	2026-04-12T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61526
published_at	2026-04-13T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61567
published_at	2026-04-16T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61571
published_at	2026-04-18T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61556
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35524

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932044
reference_id	1932044
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932044

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35524
reference_id	CVE-2020-35524
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35524

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/4755-1/
reference_id	USN-4755-1
reference_type
scores
url	https://usn.ubuntu.com/4755-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35524

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm5h-b1g9-tkg9

url VCID-d3ym-a4bv-ybaz

vulnerability_id VCID-d3ym-a4bv-ybaz

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9935.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9935.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9935

reference_id

reference_type

scores

value	0.00485
scoring_system	epss
scoring_elements	0.65376
published_at	2026-04-21T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65356
published_at	2026-04-08T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65367
published_at	2026-04-09T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65386
published_at	2026-04-11T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65373
published_at	2026-04-12T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65345
published_at	2026-04-13T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65381
published_at	2026-04-16T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65392
published_at	2026-04-18T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65304
published_at	2026-04-07T12:55:00Z

value	0.00553
scoring_system	epss
scoring_elements	0.68014
published_at	2026-04-02T12:55:00Z

value	0.00553
scoring_system	epss
scoring_elements	0.67992
published_at	2026-04-01T12:55:00Z

value	0.00553
scoring_system	epss
scoring_elements	0.68033
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9935

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1469725
reference_id	1469725
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1469725

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866109
reference_id	866109
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866109

reference_url	https://security.archlinux.org/ASA-201811-17
reference_id	ASA-201811-17
reference_type
scores
url	https://security.archlinux.org/ASA-201811-17

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-790

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6128.json

reference_url	https://usn.ubuntu.com/3606-1/
reference_id	USN-3606-1
reference_type
scores
url	https://usn.ubuntu.com/3606-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-9935

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3ym-a4bv-ybaz

url VCID-dh5n-3ubj-1uhu

vulnerability_id VCID-dh5n-3ubj-1uhu

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in a Denial of Service condition.

references

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2836
reference_id
reference_type
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2836

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html

reference_url	http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6128.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6128

reference_id

reference_type

scores

value	0.02335
scoring_system	epss
scoring_elements	0.84769
published_at	2026-04-01T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84863
published_at	2026-04-21T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84852
published_at	2026-04-11T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84849
published_at	2026-04-12T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84843
published_at	2026-04-13T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84865
published_at	2026-04-18T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84784
published_at	2026-04-02T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84803
published_at	2026-04-04T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84805
published_at	2026-04-07T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84827
published_at	2026-04-08T12:55:00Z

value	0.02335
scoring_system	epss
scoring_elements	0.84833
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6128

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8

reference_url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html

reference_url	https://seclists.org/bugtraq/2019/Nov/5
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Nov/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1667122
reference_id	1667122
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1667122

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921157
reference_id	921157
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921157

reference_url	https://security.archlinux.org/ASA-201911-13
reference_id	ASA-201911-13
reference_type
scores
url	https://security.archlinux.org/ASA-201911-13

reference_url

reference_id

AVG-886

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:::::::*
reference_id	cpe:2.3:a:libtiff:libtiff:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url

reference_id

CVE-2019-6128

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6128

reference_url	https://security.gentoo.org/glsa/202003-25
reference_id	GLSA-202003-25
reference_type
scores
url	https://security.gentoo.org/glsa/202003-25

reference_url	https://usn.ubuntu.com/3906-1/
reference_id	USN-3906-1
reference_type
scores
url	https://usn.ubuntu.com/3906-1/

reference_url	https://usn.ubuntu.com/3906-2/
reference_id	USN-3906-2
reference_type
scores
url	https://usn.ubuntu.com/3906-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2019-6128

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh5n-3ubj-1uhu

url VCID-f1g1-tv8m-pudk

vulnerability_id VCID-f1g1-tv8m-pudk

summary libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17795.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17795

reference_id

reference_type

scores

value	0.01525
scoring_system	epss
scoring_elements	0.81317
published_at	2026-04-21T12:55:00Z

value	0.01525
scoring_system	epss
scoring_elements	0.81316
published_at	2026-04-16T12:55:00Z

value	0.01525
scoring_system	epss
scoring_elements	0.81318
published_at	2026-04-18T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81685
published_at	2026-04-02T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81705
published_at	2026-04-07T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81732
published_at	2026-04-08T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81736
published_at	2026-04-09T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81756
published_at	2026-04-11T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81743
published_at	2026-04-12T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81737
published_at	2026-04-13T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81674
published_at	2026-04-01T12:55:00Z

value	0.01606
scoring_system	epss
scoring_elements	0.81708
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17795

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1635091
reference_id	1635091
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1635091

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-17795

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1g1-tv8m-pudk

url VCID-f2ar-xeec-1bfs

vulnerability_id VCID-f2ar-xeec-1bfs

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17000.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17000.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17000

reference_id

reference_type

scores

value	0.01208
scoring_system	epss
scoring_elements	0.78929
published_at	2026-04-01T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.78935
published_at	2026-04-02T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.78963
published_at	2026-04-04T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.78946
published_at	2026-04-07T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.78971
published_at	2026-04-08T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.78977
published_at	2026-04-09T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.79001
published_at	2026-04-18T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.78986
published_at	2026-04-12T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.78975
published_at	2026-04-13T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.79003
published_at	2026-04-16T12:55:00Z

value	0.01208
scoring_system	epss
scoring_elements	0.79
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1630004
reference_id	1630004
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1630004

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908778
reference_id	908778
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908778

reference_url	https://usn.ubuntu.com/3906-1/
reference_id	USN-3906-1
reference_type
scores
url	https://usn.ubuntu.com/3906-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-17000

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2ar-xeec-1bfs

url VCID-g55a-2qfb-kkev

vulnerability_id VCID-g55a-2qfb-kkev

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9936.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9936.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9936

reference_id

reference_type

scores

value	0.05227
scoring_system	epss
scoring_elements	0.89967
published_at	2026-04-21T12:55:00Z

value	0.05865
scoring_system	epss
scoring_elements	0.9058
published_at	2026-04-18T12:55:00Z

value	0.05865
scoring_system	epss
scoring_elements	0.90563
published_at	2026-04-13T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.90701
published_at	2026-04-04T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.9071
published_at	2026-04-07T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.90721
published_at	2026-04-08T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.90727
published_at	2026-04-09T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.90736
published_at	2026-04-11T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.90737
published_at	2026-04-12T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.90685
published_at	2026-04-01T12:55:00Z

value	0.06042
scoring_system	epss
scoring_elements	0.90691
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9936

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1469728
reference_id	1469728
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1469728

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866113
reference_id	866113
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866113

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2706
reference_id	CVE-2017-9936
reference_type	exploit
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2706

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42300.txt
reference_id	CVE-2017-9936
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42300.txt

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-9936

risk_score 6.0

exploitability 2.0

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g55a-2qfb-kkev

url VCID-gmhp-4yx2-gfbv

vulnerability_id VCID-gmhp-4yx2-gfbv

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0909

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42396
published_at	2026-04-01T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42405
published_at	2026-04-21T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42451
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42501
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42476
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42467
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42497
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42435
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42486
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42495
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42518
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42481
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/393
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/393

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/310
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/310

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064146
reference_id	2064146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064146

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17100.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0909
reference_id	CVE-2022-0909
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0909

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json
reference_id	CVE-2022-0909.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0909

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv

url VCID-h4fa-k99r-zqdh

vulnerability_id VCID-h4fa-k99r-zqdh

summary security update

references

reference_url

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17100.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17100

reference_id

reference_type

scores

value	0.00302
scoring_system	epss
scoring_elements	0.53512
published_at	2026-04-21T12:55:00Z

value	0.00302
scoring_system	epss
scoring_elements	0.5349
published_at	2026-04-13T12:55:00Z

value	0.00302
scoring_system	epss
scoring_elements	0.53526
published_at	2026-04-16T12:55:00Z

value	0.00302
scoring_system	epss
scoring_elements	0.53531
published_at	2026-04-18T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54772
published_at	2026-04-04T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54792
published_at	2026-04-08T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54789
published_at	2026-04-09T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54801
published_at	2026-04-11T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54785
published_at	2026-04-12T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54749
published_at	2026-04-02T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54742
published_at	2026-04-07T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1631069
reference_id	1631069
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1631069

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909038
reference_id	909038
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909038

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://usn.ubuntu.com/3864-1/
reference_id	USN-3864-1
reference_type
scores
url	https://usn.ubuntu.com/3864-1/

reference_url	https://usn.ubuntu.com/3906-2/
reference_id	USN-3906-2
reference_type
scores
url	https://usn.ubuntu.com/3906-2/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-17100

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4fa-k99r-zqdh

url VCID-h6gn-kv5x-bbd5

vulnerability_id VCID-h6gn-kv5x-bbd5

summary

Out-of-bounds Write
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0891

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08006
published_at	2026-04-01T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08185
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08136
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08041
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08026
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08105
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08148
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08097
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08157
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08179
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08172
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08153
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
reference_id
reference_type
scores
url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/380
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/380

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/382
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/382

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064411
reference_id	2064411
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064411

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13726.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0891
reference_id	CVE-2022-0891
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0891

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
reference_id	CVE-2022-0891.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0891

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5

url VCID-hbvy-33n2-vqdz

vulnerability_id VCID-hbvy-33n2-vqdz

summary security update

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13726.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-13726

reference_id

reference_type

scores

value	0.0064
scoring_system	epss
scoring_elements	0.7047
published_at	2026-04-01T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70565
published_at	2026-04-21T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70548
published_at	2026-04-12T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70534
published_at	2026-04-13T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70578
published_at	2026-04-16T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70587
published_at	2026-04-18T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70483
published_at	2026-04-02T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70501
published_at	2026-04-04T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70478
published_at	2026-04-07T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70524
published_at	2026-04-08T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.7054
published_at	2026-04-09T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70563
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-13726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1488886
reference_id	1488886
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1488886

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873880
reference_id	873880
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873880

reference_url

https://security.archlinux.org/AVG-814

reference_id

AVG-814

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-814

reference_url

https://security.archlinux.org/AVG-815

reference_id

AVG-815

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-815

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-13726

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbvy-33n2-vqdz

url VCID-j7hm-kkvp-uqex

vulnerability_id VCID-j7hm-kkvp-uqex

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in a Denial of Service condition.

references

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2833
reference_id
reference_type
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2833

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7663.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7663.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7663

reference_id

reference_type

scores

value	0.00698
scoring_system	epss
scoring_elements	0.71976
published_at	2026-04-21T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71946
published_at	2026-04-13T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71986
published_at	2026-04-16T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71991
published_at	2026-04-18T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71903
published_at	2026-04-01T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71911
published_at	2026-04-02T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.7193
published_at	2026-04-04T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71906
published_at	2026-04-07T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71945
published_at	2026-04-08T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71957
published_at	2026-04-09T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71981
published_at	2026-04-11T12:55:00Z

value	0.00698
scoring_system	epss
scoring_elements	0.71963
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39

reference_url	https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html

reference_url	https://www.debian.org/security/2020/dsa-4670
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1677528
reference_id	1677528
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1677528

reference_url	https://security.archlinux.org/ASA-201911-13
reference_id	ASA-201911-13
reference_type
scores
url	https://security.archlinux.org/ASA-201911-13

reference_url

reference_id

AVG-886

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7663

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:::::::*
reference_id	cpe:2.3:a:libtiff:libtiff:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url

reference_id

CVE-2019-7663

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7663

reference_url	https://security.gentoo.org/glsa/202003-25
reference_id	GLSA-202003-25
reference_type
scores
url	https://security.gentoo.org/glsa/202003-25

reference_url	https://usn.ubuntu.com/3906-1/
reference_id	USN-3906-1
reference_type
scores
url	https://usn.ubuntu.com/3906-1/

reference_url	https://usn.ubuntu.com/3906-2/
reference_id	USN-3906-2
reference_type
scores
url	https://usn.ubuntu.com/3906-2/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2019-7663

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7hm-kkvp-uqex

url VCID-jfme-eq8v-afht

vulnerability_id VCID-jfme-eq8v-afht

summary libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18768.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18768.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-18768

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09017
published_at	2026-04-02T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09068
published_at	2026-04-04T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08992
published_at	2026-04-07T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09072
published_at	2026-04-12T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09104
published_at	2026-04-09T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09105
published_at	2026-04-11T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09058
published_at	2026-04-13T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08953
published_at	2026-04-16T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08934
published_at	2026-04-18T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09086
published_at	2026-04-21T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09014
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-18768

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18768
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18768

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2235458
reference_id	2235458
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2235458

reference_url

http://bugzilla.maptools.org/show_bug.cgi?id=2848

reference_id

show_bug.cgi?id=2848

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:35:49Z/

url

http://bugzilla.maptools.org/show_bug.cgi?id=2848

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2020-18768

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfme-eq8v-afht

url VCID-kpq7-5vsv-pucy

vulnerability_id VCID-kpq7-5vsv-pucy

summary

NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0908

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10543
published_at	2026-04-01T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10703
published_at	2026-04-21T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10696
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10558
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10575
published_at	2026-04-18T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10687
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1075
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10609
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10682
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10737
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10752
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1072
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/383
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/383

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064145
reference_id	2064145
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064145

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0908
reference_id	CVE-2022-0908
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0908

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json
reference_id	CVE-2022-0908.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0908

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy

url VCID-mhwh-tsst-cfaj

vulnerability_id VCID-mhwh-tsst-cfaj

summary

Out-of-bounds Read
LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22844

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18352
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18367
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18312
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18325
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18569
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18623
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18331
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18414
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18466
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18418
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/355
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/355

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/287
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2042603
reference_id	2042603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2042603

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17546.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22844
reference_id	CVE-2022-22844
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22844

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-22844

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj

url VCID-nnvs-e9na-p7fu

vulnerability_id VCID-nnvs-e9na-p7fu

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17546.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17546

reference_id

reference_type

scores

value	0.00373
scoring_system	epss
scoring_elements	0.58929
published_at	2026-04-01T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59071
published_at	2026-04-18T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59051
published_at	2026-04-12T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59032
published_at	2026-04-13T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59067
published_at	2026-04-16T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59004
published_at	2026-04-02T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59026
published_at	2026-04-04T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.58992
published_at	2026-04-07T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59044
published_at	2026-04-08T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.5905
published_at	2026-04-21T12:55:00Z

value	0.00373
scoring_system	epss
scoring_elements	0.59069
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17546

reference_url	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
reference_id
reference_type
scores
url	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
reference_id
reference_type
scores
url	https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf

reference_url	https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145

reference_url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html

reference_url	https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/

reference_url	https://seclists.org/bugtraq/2020/Jan/32
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2020/Jan/32

reference_url	https://security.netapp.com/advisory/ntap-20241220-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20241220-0007/

reference_url	https://www.debian.org/security/2020/dsa-4608
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4608

reference_url	https://www.debian.org/security/2020/dsa-4670
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1765705
reference_id	1765705
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1765705

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff::::::::
reference_id	cpe:2.3:a:libtiff:libtiff::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal::::::::
reference_id	cpe:2.3:a:osgeo:gdal::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-17546

reference_id

CVE-2019-17546

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-17546

reference_url	https://security.gentoo.org/glsa/202003-25
reference_id	GLSA-202003-25
reference_type
scores
url	https://security.gentoo.org/glsa/202003-25

reference_url	https://access.redhat.com/errata/RHSA-2020:3902
reference_id	RHSA-2020:3902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3902

reference_url	https://access.redhat.com/errata/RHSA-2020:4634
reference_id	RHSA-2020:4634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4634

reference_url	https://usn.ubuntu.com/4158-1/
reference_id	USN-4158-1
reference_type
scores
url	https://usn.ubuntu.com/4158-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2019-17546

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nnvs-e9na-p7fu

url VCID-p3k1-dpdf-e3f3

vulnerability_id VCID-p3k1-dpdf-e3f3

summary libtiff: tiff2bw tool failed memory allocation leads to crash

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18661.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18661.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18661

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37476
published_at	2026-04-21T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37512
published_at	2026-04-13T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37558
published_at	2026-04-16T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.3754
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40227
published_at	2026-04-02T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40251
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40174
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40226
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40238
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40249
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40211
published_at	2026-04-12T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40078
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1644448
reference_id	1644448
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1644448

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912012
reference_id	912012
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912012

reference_url	https://security.archlinux.org/ASA-201811-17
reference_id	ASA-201811-17
reference_type
scores
url	https://security.archlinux.org/ASA-201811-17

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-790

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16335.json

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://usn.ubuntu.com/3864-1/
reference_id	USN-3864-1
reference_type
scores
url	https://usn.ubuntu.com/3864-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-18661

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3k1-dpdf-e3f3

url VCID-prsj-fsuv-4ucy

vulnerability_id VCID-prsj-fsuv-4ucy

summary security update

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16335.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16335

reference_id

reference_type

scores

value	0.01825
scoring_system	epss
scoring_elements	0.8282
published_at	2026-04-01T12:55:00Z

value	0.01825
scoring_system	epss
scoring_elements	0.82836
published_at	2026-04-02T12:55:00Z

value	0.01825
scoring_system	epss
scoring_elements	0.82849
published_at	2026-04-04T12:55:00Z

value	0.01825
scoring_system	epss
scoring_elements	0.82845
published_at	2026-04-07T12:55:00Z

value	0.01825
scoring_system	epss
scoring_elements	0.82871
published_at	2026-04-08T12:55:00Z

value	0.01825
scoring_system	epss
scoring_elements	0.82878
published_at	2026-04-09T12:55:00Z

value	0.01825
scoring_system	epss
scoring_elements	0.82893
published_at	2026-04-11T12:55:00Z

value	0.01825
scoring_system	epss
scoring_elements	0.82888
published_at	2026-04-12T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83373
published_at	2026-04-21T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83335
published_at	2026-04-13T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.8337
published_at	2026-04-16T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83372
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1624981
reference_id	1624981
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1624981

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907795
reference_id	907795
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907795

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-16335

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prsj-fsuv-4ucy

url VCID-pxhu-5vet-77f1

vulnerability_id VCID-pxhu-5vet-77f1

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14973.json

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14973.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14973

reference_id

reference_type

scores

value	0.00965
scoring_system	epss
scoring_elements	0.76507
published_at	2026-04-01T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76512
published_at	2026-04-02T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76541
published_at	2026-04-04T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76523
published_at	2026-04-07T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76555
published_at	2026-04-08T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76566
published_at	2026-04-09T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76592
published_at	2026-04-11T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76571
published_at	2026-04-12T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76564
published_at	2026-04-13T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76606
published_at	2026-04-16T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.7661
published_at	2026-04-18T12:55:00Z

value	0.00965
scoring_system	epss
scoring_elements	0.76598
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1745951
reference_id	1745951
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1745951

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934780
reference_id	934780
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934780

reference_url	https://access.redhat.com/errata/RHSA-2020:1688
reference_id	RHSA-2020:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1688

reference_url	https://access.redhat.com/errata/RHSA-2020:3902
reference_id	RHSA-2020:3902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3902

reference_url	https://usn.ubuntu.com/4158-1/
reference_id	USN-4158-1
reference_type
scores
url	https://usn.ubuntu.com/4158-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2019-14973

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxhu-5vet-77f1

url VCID-qez8-xv6h-e3hx

vulnerability_id VCID-qez8-xv6h-e3hx

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11613.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11613.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-11613

reference_id

reference_type

scores

value	0.00548
scoring_system	epss
scoring_elements	0.67829
published_at	2026-04-01T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67922
published_at	2026-04-21T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67891
published_at	2026-04-13T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67929
published_at	2026-04-16T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67941
published_at	2026-04-18T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67853
published_at	2026-04-07T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67872
published_at	2026-04-04T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67903
published_at	2026-04-08T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67917
published_at	2026-04-09T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.6794
published_at	2026-04-11T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67927
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1475530
reference_id	1475530
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1475530

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869823
reference_id	869823
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869823

reference_url	https://security.archlinux.org/ASA-201811-17
reference_id	ASA-201811-17
reference_type
scores
url	https://security.archlinux.org/ASA-201811-17

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-790

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_url	https://usn.ubuntu.com/3606-1/
reference_id	USN-3606-1
reference_type
scores
url	https://usn.ubuntu.com/3606-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-11613

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qez8-xv6h-e3hx

url VCID-qsrb-hf2u-tudp

vulnerability_id VCID-qsrb-hf2u-tudp

summary

NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09625
published_at	2026-04-21T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09618
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09626
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09596
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0958
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09473
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09477
published_at	2026-04-18T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09497
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09571
published_at	2026-04-08T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17853
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17906
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17693
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/362
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495
reference_id	2054495
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5784.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562
reference_id	CVE-2022-0562
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json
reference_id	CVE-2022-0562.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0562

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp

url VCID-r4k1-psbb-53gd

vulnerability_id VCID-r4k1-psbb-53gd

summary security update

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5784.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5784

reference_id

reference_type

scores

value	0.00368
scoring_system	epss
scoring_elements	0.58783
published_at	2026-04-21T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58768
published_at	2026-04-13T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58801
published_at	2026-04-16T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58805
published_at	2026-04-18T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59803
published_at	2026-04-02T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59827
published_at	2026-04-04T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59798
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59848
published_at	2026-04-08T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59862
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59883
published_at	2026-04-11T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59867
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5973
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1537740
reference_id	1537740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1537740

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890441
reference_id	890441
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890441

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-813

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17101.json

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

reference_url	https://usn.ubuntu.com/3606-1/
reference_id	USN-3606-1
reference_type
scores
url	https://usn.ubuntu.com/3606-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-5784

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4k1-psbb-53gd

url VCID-r8kc-zrjf-5ycv

vulnerability_id VCID-r8kc-zrjf-5ycv

summary security update

references

reference_url

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17101.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17101

reference_id

reference_type

scores

value	0.00539
scoring_system	epss
scoring_elements	0.67602
published_at	2026-04-21T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67611
published_at	2026-04-16T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67624
published_at	2026-04-18T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67537
published_at	2026-04-02T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67557
published_at	2026-04-04T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67536
published_at	2026-04-07T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67587
published_at	2026-04-08T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67601
published_at	2026-04-09T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67623
published_at	2026-04-11T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67609
published_at	2026-04-12T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67577
published_at	2026-04-13T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.68455
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1631078
reference_id	1631078
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1631078

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909037
reference_id	909037
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909037

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://usn.ubuntu.com/3864-1/
reference_id	USN-3864-1
reference_type
scores
url	https://usn.ubuntu.com/3864-1/

reference_url	https://usn.ubuntu.com/3906-2/
reference_id	USN-3906-2
reference_type
scores
url	https://usn.ubuntu.com/3906-2/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-17101

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8kc-zrjf-5ycv

url VCID-rn1a-sww4-bffd

vulnerability_id VCID-rn1a-sww4-bffd

summary security update

references

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2795
reference_id
reference_type
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2795

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10963.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10963.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10963

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.33024
published_at	2026-04-21T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33074
published_at	2026-04-08T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33104
published_at	2026-04-09T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33106
published_at	2026-04-11T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33068
published_at	2026-04-12T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33044
published_at	2026-04-13T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33085
published_at	2026-04-16T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33062
published_at	2026-04-18T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.3303
published_at	2026-04-07T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59684
published_at	2026-04-04T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59586
published_at	2026-04-01T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59659
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url	https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html

reference_url	https://www.debian.org/security/2018/dsa-4349
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4349

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1579058
reference_id	1579058
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1579058

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898348
reference_id	898348
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898348

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-813

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10963

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff::::::::
reference_id	cpe:2.3:a:libtiff:libtiff::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

reference_id

CVE-2018-10963

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10963

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://usn.ubuntu.com/3864-1/
reference_id	USN-3864-1
reference_type
scores
url	https://usn.ubuntu.com/3864-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-10963

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn1a-sww4-bffd

url VCID-sefx-74dq-pqe1

vulnerability_id VCID-sefx-74dq-pqe1

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8905.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8905.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8905

reference_id

reference_type

scores

value	0.00642
scoring_system	epss
scoring_elements	0.70645
published_at	2026-04-21T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70618
published_at	2026-04-09T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.7064
published_at	2026-04-11T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70626
published_at	2026-04-12T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70612
published_at	2026-04-13T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70657
published_at	2026-04-16T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70666
published_at	2026-04-18T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70557
published_at	2026-04-07T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70602
published_at	2026-04-08T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.73218
published_at	2026-04-02T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.73239
published_at	2026-04-04T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.73208
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8905

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1559704
reference_id	1559704
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1559704

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893806
reference_id	893806
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893806

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-813

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7456.json

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://usn.ubuntu.com/3864-1/
reference_id	USN-3864-1
reference_type
scores
url	https://usn.ubuntu.com/3864-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-8905

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sefx-74dq-pqe1

url VCID-wk1z-n789-n7cg

vulnerability_id VCID-wk1z-n789-n7cg

summary security update

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7456.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7456

reference_id

reference_type

scores

value	0.00656
scoring_system	epss
scoring_elements	0.71047
published_at	2026-04-18T12:55:00Z

value	0.00656
scoring_system	epss
scoring_elements	0.70988
published_at	2026-04-08T12:55:00Z

value	0.00656
scoring_system	epss
scoring_elements	0.71004
published_at	2026-04-09T12:55:00Z

value	0.00656
scoring_system	epss
scoring_elements	0.71026
published_at	2026-04-21T12:55:00Z

value	0.00656
scoring_system	epss
scoring_elements	0.71011
published_at	2026-04-12T12:55:00Z

value	0.00656
scoring_system	epss
scoring_elements	0.70994
published_at	2026-04-13T12:55:00Z

value	0.00656
scoring_system	epss
scoring_elements	0.7104
published_at	2026-04-16T12:55:00Z

value	0.00656
scoring_system	epss
scoring_elements	0.70946
published_at	2026-04-07T12:55:00Z

value	0.00994
scoring_system	epss
scoring_elements	0.7687
published_at	2026-04-02T12:55:00Z

value	0.00994
scoring_system	epss
scoring_elements	0.76901
published_at	2026-04-04T12:55:00Z

value	0.00994
scoring_system	epss
scoring_elements	0.76863
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1556708
reference_id	1556708
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1556708

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891288
reference_id	891288
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891288

reference_url	https://security.archlinux.org/ASA-201811-18
reference_id	ASA-201811-18
reference_type
scores
url	https://security.archlinux.org/ASA-201811-18

reference_url

reference_id

AVG-791

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-813

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13727.json

reference_url	https://access.redhat.com/errata/RHSA-2019:2051
reference_id	RHSA-2019:2051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2051

reference_url	https://access.redhat.com/errata/RHSA-2019:2053
reference_id	RHSA-2019:2053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2053

reference_url	https://usn.ubuntu.com/3864-1/
reference_id	USN-3864-1
reference_type
scores
url	https://usn.ubuntu.com/3864-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2018-7456

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wk1z-n789-n7cg

url VCID-wuzx-t7h4-uqa8

vulnerability_id VCID-wuzx-t7h4-uqa8

summary security update

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13727.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-13727

reference_id

reference_type

scores

value	0.00636
scoring_system	epss
scoring_elements	0.70352
published_at	2026-04-01T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70446
published_at	2026-04-21T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70458
published_at	2026-04-16T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70466
published_at	2026-04-18T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70364
published_at	2026-04-02T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70381
published_at	2026-04-04T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.7036
published_at	2026-04-07T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70406
published_at	2026-04-08T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70421
published_at	2026-04-09T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70445
published_at	2026-04-11T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.7043
published_at	2026-04-12T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70416
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-13727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1488887
reference_id	1488887
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1488887

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873879
reference_id	873879
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873879

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-13727

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuzx-t7h4-uqa8

url VCID-x7w1-k9zt-qkab

vulnerability_id VCID-x7w1-k9zt-qkab

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17095.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17095.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17095

reference_id

reference_type

scores

value	0.03989
scoring_system	epss
scoring_elements	0.88354
published_at	2026-04-01T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88419
published_at	2026-04-21T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88417
published_at	2026-04-11T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88409
published_at	2026-04-13T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88424
published_at	2026-04-16T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.8842
published_at	2026-04-18T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88362
published_at	2026-04-02T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88376
published_at	2026-04-04T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88381
published_at	2026-04-07T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.884
published_at	2026-04-08T12:55:00Z

value	0.03989
scoring_system	epss
scoring_elements	0.88406
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html

reference_url	https://www.debian.org/security/2018/dsa-4349
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4349

reference_url	https://www.exploit-db.com/exploits/43322/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/43322/

reference_url	http://www.openwall.com/lists/oss-security/2017/11/30/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/11/30/3

reference_url	http://www.securityfocus.com/bid/102124
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102124

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1524284
reference_id	1524284
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1524284

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883320
reference_id	883320
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883320

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*
reference_id	cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:::::::*

reference_url	http://bugzilla.maptools.org/show_bug.cgi?id=2750
reference_id	CVE-2017-17095
reference_type	exploit
scores
url	http://bugzilla.maptools.org/show_bug.cgi?id=2750

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/43322.txt
reference_id	CVE-2017-17095
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/43322.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-17095

reference_id

CVE-2017-17095

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-17095

reference_url	https://security.gentoo.org/glsa/202003-25
reference_id	GLSA-202003-25
reference_type
scores
url	https://security.gentoo.org/glsa/202003-25

reference_url	https://access.redhat.com/errata/RHSA-2023:6575
reference_id	RHSA-2023:6575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6575

reference_url	https://access.redhat.com/errata/RHSA-2025:4658
reference_id	RHSA-2025:4658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4658

reference_url	https://usn.ubuntu.com/3606-1/
reference_id	USN-3606-1
reference_type
scores
url	https://usn.ubuntu.com/3606-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-17095

risk_score 10.0

exploitability 2.0

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7w1-k9zt-qkab

url VCID-ywac-4ng8-6uhc

vulnerability_id VCID-ywac-4ng8-6uhc

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12944.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12944.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12944

reference_id

reference_type

scores

value	0.0074
scoring_system	epss
scoring_elements	0.72854
published_at	2026-04-01T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72954
published_at	2026-04-21T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72951
published_at	2026-04-16T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72961
published_at	2026-04-18T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72861
published_at	2026-04-02T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72881
published_at	2026-04-04T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72856
published_at	2026-04-07T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72894
published_at	2026-04-08T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72908
published_at	2026-04-09T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72933
published_at	2026-04-11T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.72916
published_at	2026-04-12T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.7291
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12944

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1487202
reference_id	1487202
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1487202

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872607
reference_id	872607
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872607

reference_url	https://usn.ubuntu.com/3602-1/
reference_id	USN-3602-1
reference_type
scores
url	https://usn.ubuntu.com/3602-1/

reference_url	https://usn.ubuntu.com/3606-1/
reference_id	USN-3606-1
reference_type
scores
url	https://usn.ubuntu.com/3606-1/

fixed_packages

url pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

purl pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1cjh-zx12-2fh2

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1dhy-s5x3-fuf7

vulnerability	VCID-1j12-qxks-wkdh

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1pbp-smgt-duey

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-255p-pm39-1bb3

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-28t9-d8gb-b3h9

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2e1s-2q8y-h3er

vulnerability	VCID-2hvh-x482-5qhw

vulnerability	VCID-2qg1-nxq2-jkht

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-36t6-pnx8-xugd

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3rd2-fv4n-tybf

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-43cd-stdq-pbc9

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45tr-e5rv-6uch

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4e6e-nkkd-j3ef

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5h29-wne5-gbd7

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5t8u-vcjy-t7hx

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6ngq-ungb-sycm

vulnerability	VCID-6q62-2xsj-6kgp

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7a2s-a1kp-wke1

vulnerability	VCID-7dzd-xznd-jug7

vulnerability	VCID-7fes-a88m-q3ft

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-7xr6-sn1k-t7cw

vulnerability	VCID-81ew-t25a-f7gq

vulnerability	VCID-83hb-ksrb-yyb5

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-8f48-6u7s-xyht

vulnerability	VCID-8kgw-n4zx-uqa8

vulnerability	VCID-98zm-dbqt-g3eg

vulnerability	VCID-9bfu-xyxk-xuek

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-9h6w-8dqt-23fr

vulnerability	VCID-9hyt-7jsq-vqc5

vulnerability	VCID-a1hq-fqkv-u7d9

vulnerability	VCID-a3ze-kdhc-muht

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ajwe-qvmr-aqgs

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-b6cu-zk51-hkdv

vulnerability	VCID-baha-p74p-rff4

vulnerability	VCID-bap5-5e3b-8qea

vulnerability	VCID-bf8s-peku-2uht

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-ceb4-e5mz-4fbp

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cswr-9c4x-xyg8

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-czxa-qesr-gfh5

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-dkbt-62ad-bqdq

vulnerability	VCID-dxtf-qzfj-k3aq

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-fc93-fu34-37cx

vulnerability	VCID-g2kq-ch6c-nubm

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gg7k-u39a-kqbw

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-gp1w-v49g-j3aw

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h7df-pn57-byhx

vulnerability	VCID-hbvy-33n2-vqdz

100

vulnerability	VCID-hfrr-s8ge-z7hx

101

vulnerability	VCID-hzcx-8haz-73fn

102

vulnerability	VCID-j7hm-kkvp-uqex

103

vulnerability	VCID-jdv4-3mf6-93hm

104

vulnerability	VCID-jfme-eq8v-afht

105

vulnerability	VCID-jr5v-vzng-nbcb

106

vulnerability	VCID-ju1t-bhyh-v7du

107

vulnerability	VCID-k8kt-55y9-qyac

108

vulnerability	VCID-kpq7-5vsv-pucy

109

vulnerability	VCID-m79s-k9bt-akfc

110

vulnerability	VCID-m7mp-g37h-p3g9

111

vulnerability	VCID-mb38-6e5v-fbah

112

vulnerability	VCID-mhwh-tsst-cfaj

113

vulnerability	VCID-mqad-tkgf-r3ag

114

vulnerability	VCID-mwb4-9fjj-qyfs

115

vulnerability	VCID-n3ta-dm1y-gya5

116

vulnerability	VCID-n5xz-y6bx-myfr

117

vulnerability	VCID-n614-w2nh-rqbe

118

vulnerability	VCID-ndwc-beev-43ck

119

vulnerability	VCID-nnvs-e9na-p7fu

120

vulnerability	VCID-nyjs-ay8u-13gx

121

vulnerability	VCID-p3k1-dpdf-e3f3

122

vulnerability	VCID-p9pe-czsr-9uhu

123

vulnerability	VCID-pczq-1huj-p7hf

124

vulnerability	VCID-pf5w-eted-9kc9

125

vulnerability	VCID-phyw-fvec-1kan

126

vulnerability	VCID-pkdx-ktz1-mbbg

127

vulnerability	VCID-pnpt-r4ke-fufh

128

vulnerability	VCID-prsj-fsuv-4ucy

129

vulnerability	VCID-pxhu-5vet-77f1

130

vulnerability	VCID-pz1t-b538-mbhy

131

vulnerability	VCID-qbff-swap-1uf6

132

vulnerability	VCID-qez8-xv6h-e3hx

133

vulnerability	VCID-qsrb-hf2u-tudp

134

vulnerability	VCID-qy8p-meqk-8yej

135

vulnerability	VCID-r4k1-psbb-53gd

136

vulnerability	VCID-r8kc-zrjf-5ycv

137

vulnerability	VCID-rmap-8g2y-abdc

138

vulnerability	VCID-rn1a-sww4-bffd

139

vulnerability	VCID-rqmj-ns2c-jbh4

140

vulnerability	VCID-rspm-rpj5-8qfj

141

vulnerability	VCID-ruhz-ty5e-nkgr

142

vulnerability	VCID-s2xb-r3c7-7fc4

143

vulnerability	VCID-s4k8-v3sj-23fw

144

vulnerability	VCID-s7s4-ux2t-3yc5

145

vulnerability	VCID-s95z-s4sd-cffs

146

vulnerability	VCID-sefx-74dq-pqe1

147

vulnerability	VCID-sj4y-jbfp-uua3

148

vulnerability	VCID-spqg-q1z6-pyex

149

vulnerability	VCID-tddn-m5ke-euas

150

vulnerability	VCID-tfyj-y9q3-t3ar

151

vulnerability	VCID-tg7w-mbkg-7uhj

152

vulnerability	VCID-tgf9-ax81-fub4

153

vulnerability	VCID-ttb7-w41r-4kfn

154

vulnerability	VCID-u1mj-pxtw-7qet

155

vulnerability	VCID-ua38-ur2u-eues

156

vulnerability	VCID-ucr1-vp5p-jqck

157

vulnerability	VCID-v4rx-c1w4-pbb3

158

vulnerability	VCID-vn6c-kuq7-k3hv

159

vulnerability	VCID-vu6r-464p-4ue3

160

vulnerability	VCID-vxd8-dh75-fqah

161

vulnerability	VCID-vzr7-wz88-h7gx

162

vulnerability	VCID-wes8-vrs4-gygk

163

vulnerability	VCID-wk1z-n789-n7cg

164

vulnerability	VCID-wpd2-zcyv-s7g8

165

vulnerability	VCID-wuzx-t7h4-uqa8

166

vulnerability	VCID-wza2-4rcj-hkcd

167

vulnerability	VCID-x7w1-k9zt-qkab

168

vulnerability	VCID-x91e-13q2-yked

169

vulnerability	VCID-x9hb-1bes-k3hy

170

vulnerability	VCID-x9xf-wuyn-6ffg

171

vulnerability	VCID-xg5z-jss1-3ycp

172

vulnerability	VCID-xg6v-katm-67et

173

vulnerability	VCID-xmwn-vxux-h7g3

174

vulnerability	VCID-xx3b-d12j-8qc4

175

vulnerability	VCID-y7zh-9g8h-z3ce

176

vulnerability	VCID-ytpu-tcxj-guex

177

vulnerability	VCID-ywac-4ng8-6uhc

178

vulnerability	VCID-z1vf-mhw2-ducs

179

vulnerability	VCID-z4fp-77gf-gydw

180

vulnerability	VCID-zd2w-uhnu-x3an

181

vulnerability	VCID-zedn-437q-47b2

182

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5

url pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

purl pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1asc-7axg-6ben

vulnerability	VCID-1csm-m3wq-tbck

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-1rsr-q1uf-ekav

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-39ee-trms-qkes

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-45zg-bst2-byff

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4n8m-6c1e-f7ba

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-7jpu-rtje-mke4

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-aa6m-3c5d-hfat

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-at8c-pabb-z3d5

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-d3ym-a4bv-ybaz

vulnerability	VCID-dh5n-3ubj-1uhu

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-f1g1-tv8m-pudk

vulnerability	VCID-f2ar-xeec-1bfs

vulnerability	VCID-g55a-2qfb-kkev

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h4fa-k99r-zqdh

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-hbvy-33n2-vqdz

vulnerability	VCID-j7hm-kkvp-uqex

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-jfme-eq8v-afht

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-nnvs-e9na-p7fu

vulnerability	VCID-p3k1-dpdf-e3f3

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-prsj-fsuv-4ucy

vulnerability	VCID-pxhu-5vet-77f1

vulnerability	VCID-qez8-xv6h-e3hx

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-r4k1-psbb-53gd

vulnerability	VCID-r8kc-zrjf-5ycv

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-rn1a-sww4-bffd

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-sefx-74dq-pqe1

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wk1z-n789-n7cg

vulnerability	VCID-wuzx-t7h4-uqa8

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x7w1-k9zt-qkab

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-ywac-4ng8-6uhc

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

aliases CVE-2017-12944

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ywac-4ng8-6uhc

url VCID-zedn-437q-47b2

vulnerability_id VCID-zedn-437q-47b2

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0865

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10258
published_at	2026-04-01T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10413
published_at	2026-04-21T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10441
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1031
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10282
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10378
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10446
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1033
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10403
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10466
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10496
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10463
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/385
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/385

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/306
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/306

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064406
reference_id	2064406
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064406

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url