Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2

Type deb

Namespace debian

Name libwebp

Version 0.6.1-2.1+deb11u2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5hzf-gdbj-8ud8

vulnerability_id VCID-5hzf-gdbj-8ud8

summary

Double Free
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1999.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1999.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1999

reference_id

reference_type

scores

value	0.00362
scoring_system	epss
scoring_elements	0.58323
published_at	2026-04-18T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.5832
published_at	2026-04-16T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59224
published_at	2026-04-12T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59158
published_at	2026-04-07T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59209
published_at	2026-04-08T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59222
published_at	2026-04-09T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59242
published_at	2026-04-11T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.5917
published_at	2026-04-02T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59206
published_at	2026-04-13T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59194
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1999

reference_url

https://chromium.googlesource.com/webm/libwebp

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:14:09Z/

url

https://chromium.googlesource.com/webm/libwebp

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28427
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28427

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035371
reference_id	1035371
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2186102
reference_id	2186102
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2186102

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-1999
reference_id	CVE-2023-1999
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-1999

reference_url	https://security.gentoo.org/glsa/202305-35
reference_id	GLSA-202305-35
reference_type
scores
url	https://security.gentoo.org/glsa/202305-35

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-13

reference_id

mfsa2023-13

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-14

reference_id

mfsa2023-14

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-14

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-15

reference_id

mfsa2023-15

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-15

reference_url	https://access.redhat.com/errata/RHSA-2023:1785
reference_id	RHSA-2023:1785
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1785

reference_url	https://access.redhat.com/errata/RHSA-2023:1786
reference_id	RHSA-2023:1786
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1786

reference_url	https://access.redhat.com/errata/RHSA-2023:1787
reference_id	RHSA-2023:1787
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1787

reference_url	https://access.redhat.com/errata/RHSA-2023:1788
reference_id	RHSA-2023:1788
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1788

reference_url	https://access.redhat.com/errata/RHSA-2023:1789
reference_id	RHSA-2023:1789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1789

reference_url	https://access.redhat.com/errata/RHSA-2023:1790
reference_id	RHSA-2023:1790
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1790

reference_url	https://access.redhat.com/errata/RHSA-2023:1791
reference_id	RHSA-2023:1791
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1791

reference_url	https://access.redhat.com/errata/RHSA-2023:1792
reference_id	RHSA-2023:1792
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1792

reference_url	https://access.redhat.com/errata/RHSA-2023:1802
reference_id	RHSA-2023:1802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1802

reference_url	https://access.redhat.com/errata/RHSA-2023:1803
reference_id	RHSA-2023:1803
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1803

reference_url	https://access.redhat.com/errata/RHSA-2023:1804
reference_id	RHSA-2023:1804
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1804

reference_url	https://access.redhat.com/errata/RHSA-2023:1805
reference_id	RHSA-2023:1805
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1805

reference_url	https://access.redhat.com/errata/RHSA-2023:1806
reference_id	RHSA-2023:1806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1806

reference_url	https://access.redhat.com/errata/RHSA-2023:1809
reference_id	RHSA-2023:1809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1809

reference_url	https://access.redhat.com/errata/RHSA-2023:1810
reference_id	RHSA-2023:1810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1810

reference_url	https://access.redhat.com/errata/RHSA-2023:1811
reference_id	RHSA-2023:1811
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1811

reference_url	https://access.redhat.com/errata/RHSA-2023:2072
reference_id	RHSA-2023:2072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2072

reference_url	https://access.redhat.com/errata/RHSA-2023:2073
reference_id	RHSA-2023:2073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2073

reference_url	https://access.redhat.com/errata/RHSA-2023:2075
reference_id	RHSA-2023:2075
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2075

reference_url	https://access.redhat.com/errata/RHSA-2023:2076
reference_id	RHSA-2023:2076
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2076

reference_url	https://access.redhat.com/errata/RHSA-2023:2077
reference_id	RHSA-2023:2077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2077

reference_url	https://access.redhat.com/errata/RHSA-2023:2078
reference_id	RHSA-2023:2078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2078

reference_url	https://access.redhat.com/errata/RHSA-2023:2084
reference_id	RHSA-2023:2084
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2084

reference_url	https://access.redhat.com/errata/RHSA-2023:2085
reference_id	RHSA-2023:2085
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2085

reference_url	https://usn.ubuntu.com/6078-1/
reference_id	USN-6078-1
reference_type
scores
url	https://usn.ubuntu.com/6078-1/

reference_url	https://usn.ubuntu.com/6078-2/
reference_id	USN-6078-2
reference_type
scores
url	https://usn.ubuntu.com/6078-2/

fixed_packages

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2023-1999

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hzf-gdbj-8ud8

url VCID-6z14-frdw-r3dh

vulnerability_id VCID-6z14-frdw-r3dh

summary libwebp: out-of-bounds read in ApplyFilter()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25010.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25010.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25010

reference_id

reference_type

scores

value	0.0051
scoring_system	epss
scoring_elements	0.66315
published_at	2026-04-01T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66354
published_at	2026-04-02T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66381
published_at	2026-04-04T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.6635
published_at	2026-04-07T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66399
published_at	2026-04-08T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66412
published_at	2026-04-09T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66433
published_at	2026-04-11T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.6642
published_at	2026-04-12T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.6639
published_at	2026-04-13T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66426
published_at	2026-04-16T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66442
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956918
reference_id	1956918
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956918

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2018-25010

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6z14-frdw-r3dh

url VCID-8nht-54x7-gqf1

vulnerability_id VCID-8nht-54x7-gqf1

summary libwebp: excessive memory allocation when reading a file

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36332.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36332.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36332

reference_id

reference_type

scores

value	0.00818
scoring_system	epss
scoring_elements	0.74303
published_at	2026-04-01T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74307
published_at	2026-04-07T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74334
published_at	2026-04-04T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.7434
published_at	2026-04-08T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74355
published_at	2026-04-09T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74377
published_at	2026-04-11T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74357
published_at	2026-04-12T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74349
published_at	2026-04-13T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74385
published_at	2026-04-16T12:55:00Z

value	0.00818
scoring_system	epss
scoring_elements	0.74394
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36332

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956868
reference_id	1956868
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956868

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-36332
reference_id	CVE-2020-36332
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-36332

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2020-36332

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nht-54x7-gqf1

url VCID-9jcb-yrmd-7uen

vulnerability_id VCID-9jcb-yrmd-7uen

summary libwebp: heap-based buffer overflow in WebPDecode*Into functions

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36328.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36328.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36328

reference_id

reference_type

scores

value	0.00527
scoring_system	epss
scoring_elements	0.66988
published_at	2026-04-01T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67026
published_at	2026-04-02T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.6705
published_at	2026-04-04T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67025
published_at	2026-04-07T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67074
published_at	2026-04-08T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67087
published_at	2026-04-09T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67106
published_at	2026-04-11T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67092
published_at	2026-04-12T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67061
published_at	2026-04-13T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67094
published_at	2026-04-16T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67108
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956829
reference_id	1956829
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956829

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-36328
reference_id	CVE-2020-36328
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-36328

reference_url	https://access.redhat.com/errata/RHSA-2021:2260
reference_id	RHSA-2021:2260
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2260

reference_url	https://access.redhat.com/errata/RHSA-2021:2328
reference_id	RHSA-2021:2328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2328

reference_url	https://access.redhat.com/errata/RHSA-2021:2354
reference_id	RHSA-2021:2354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2354

reference_url	https://access.redhat.com/errata/RHSA-2021:2364
reference_id	RHSA-2021:2364
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2364

reference_url	https://access.redhat.com/errata/RHSA-2021:2365
reference_id	RHSA-2021:2365
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2365

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2020-36328

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jcb-yrmd-7uen

url VCID-e3uc-36mx-mbfv

vulnerability_id VCID-e3uc-36mx-mbfv

summary libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36330.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36330.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36330

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.3738
published_at	2026-04-01T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37545
published_at	2026-04-02T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37568
published_at	2026-04-04T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37396
published_at	2026-04-07T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37448
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37461
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37474
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3744
published_at	2026-04-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37413
published_at	2026-04-13T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3746
published_at	2026-04-16T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37442
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956853
reference_id	1956853
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956853

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-36330
reference_id	CVE-2020-36330
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-36330

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2020-36330

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3uc-36mx-mbfv

url VCID-ecku-fk4j-s3hr

vulnerability_id VCID-ecku-fk4j-s3hr

summary libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36331.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36331.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36331

reference_id

reference_type

scores

value	0.00189
scoring_system	epss
scoring_elements	0.40675
published_at	2026-04-01T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40758
published_at	2026-04-02T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40786
published_at	2026-04-04T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.4071
published_at	2026-04-07T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.4076
published_at	2026-04-08T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40768
published_at	2026-04-09T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40787
published_at	2026-04-11T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40752
published_at	2026-04-12T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40734
published_at	2026-04-13T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40778
published_at	2026-04-16T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40748
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956856
reference_id	1956856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956856

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-36331
reference_id	CVE-2020-36331
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-36331

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2020-36331

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecku-fk4j-s3hr

url VCID-hjha-gt3s-s3e3

vulnerability_id VCID-hjha-gt3s-s3e3

summary libwebp: use of uninitialized value in ReadSymbol()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25014.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25014.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25014

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.36148
published_at	2026-04-18T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36121
published_at	2026-04-13T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36162
published_at	2026-04-16T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68785
published_at	2026-04-02T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68783
published_at	2026-04-07T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68834
published_at	2026-04-08T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68853
published_at	2026-04-09T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68876
published_at	2026-04-11T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68861
published_at	2026-04-12T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68766
published_at	2026-04-01T12:55:00Z

value	0.00578
scoring_system	epss
scoring_elements	0.68805
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956927
reference_id	1956927
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956927

reference_url	https://access.redhat.com/errata/RHSA-2021:2328
reference_id	RHSA-2021:2328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2328

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2018-25014

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjha-gt3s-s3e3

url VCID-k4yg-g6p1-kkbz

vulnerability_id VCID-k4yg-g6p1-kkbz

summary libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36329.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36329.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36329

reference_id

reference_type

scores

value	0.00503
scoring_system	epss
scoring_elements	0.66029
published_at	2026-04-01T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66071
published_at	2026-04-02T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66099
published_at	2026-04-04T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66066
published_at	2026-04-07T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66115
published_at	2026-04-08T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66127
published_at	2026-04-09T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66147
published_at	2026-04-11T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66134
published_at	2026-04-12T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66104
published_at	2026-04-13T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.6614
published_at	2026-04-16T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66153
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956843
reference_id	1956843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956843

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-36329
reference_id	CVE-2020-36329
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-36329

reference_url	https://access.redhat.com/errata/RHSA-2021:2260
reference_id	RHSA-2021:2260
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2260

reference_url	https://access.redhat.com/errata/RHSA-2021:2328
reference_id	RHSA-2021:2328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2328

reference_url	https://access.redhat.com/errata/RHSA-2021:2354
reference_id	RHSA-2021:2354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2354

reference_url	https://access.redhat.com/errata/RHSA-2021:2364
reference_id	RHSA-2021:2364
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2364

reference_url	https://access.redhat.com/errata/RHSA-2021:2365
reference_id	RHSA-2021:2365
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2365

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2020-36329

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4yg-g6p1-kkbz

url VCID-ms2y-xj5p-4ud9

vulnerability_id VCID-ms2y-xj5p-4ud9

summary libwebp: out-of-bounds read in WebPMuxCreateInternal()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25012.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25012.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25012

reference_id

reference_type

scores

value	0.00575
scoring_system	epss
scoring_elements	0.68685
published_at	2026-04-01T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68704
published_at	2026-04-02T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68722
published_at	2026-04-04T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.687
published_at	2026-04-07T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68752
published_at	2026-04-08T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68771
published_at	2026-04-09T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68794
published_at	2026-04-11T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68779
published_at	2026-04-12T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.6875
published_at	2026-04-13T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68792
published_at	2026-04-16T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68802
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956922
reference_id	1956922
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956922

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2018-25012

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2y-xj5p-4ud9

url VCID-t16b-mbs7-wfc1

vulnerability_id VCID-t16b-mbs7-wfc1

summary libwebp: heap-based buffer overflow in PutLE16()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25011.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25011.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25011

reference_id

reference_type

scores

value	0.00376
scoring_system	epss
scoring_elements	0.59067
published_at	2026-04-01T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.5914
published_at	2026-04-02T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59164
published_at	2026-04-04T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59128
published_at	2026-04-07T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59179
published_at	2026-04-08T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59192
published_at	2026-04-09T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59211
published_at	2026-04-11T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59194
published_at	2026-04-12T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59175
published_at	2026-04-13T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.5921
published_at	2026-04-16T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59215
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956919
reference_id	1956919
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956919

reference_url	https://access.redhat.com/errata/RHSA-2021:2260
reference_id	RHSA-2021:2260
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2260

reference_url	https://access.redhat.com/errata/RHSA-2021:2328
reference_id	RHSA-2021:2328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2328

reference_url	https://access.redhat.com/errata/RHSA-2021:2354
reference_id	RHSA-2021:2354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2354

reference_url	https://access.redhat.com/errata/RHSA-2021:2364
reference_id	RHSA-2021:2364
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2364

reference_url	https://access.redhat.com/errata/RHSA-2021:2365
reference_id	RHSA-2021:2365
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2365

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2018-25011

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t16b-mbs7-wfc1

url VCID-vdzj-kqfy-d3b7

vulnerability_id VCID-vdzj-kqfy-d3b7

summary

libwebp: OOB write in BuildHuffmanTable
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json

reference_url

https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway

reference_url

https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4863

reference_id

reference_type

scores

value	0.93606
scoring_system	epss
scoring_elements	0.99835
published_at	2026-04-07T12:55:00Z

value	0.93606
scoring_system	epss
scoring_elements	0.99837
published_at	2026-04-18T12:55:00Z

value	0.93606
scoring_system	epss
scoring_elements	0.99836
published_at	2026-04-13T12:55:00Z

value	0.94083
scoring_system	epss
scoring_elements	0.99905
published_at	2026-04-12T12:55:00Z

value	0.94117
scoring_system	epss
scoring_elements	0.99909
published_at	2026-04-04T12:55:00Z

value	0.94117
scoring_system	epss
scoring_elements	0.9991
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4863

reference_url

https://blog.isosceles.com/the-webp-0day

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://blog.isosceles.com/the-webp-0day

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=1215231

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://bugzilla.suse.com/show_bug.cgi?id=1215231

reference_url

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

reference_url

https://crbug.com/1479274

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://crbug.com/1479274

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863

reference_url

https://en.bandisoft.com/honeyview/history

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://en.bandisoft.com/honeyview/history

reference_url

https://en.bandisoft.com/honeyview/history/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://en.bandisoft.com/honeyview/history/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0

reference_url

https://github.com/electron/electron/pull/39823

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/electron/electron/pull/39823

reference_url

https://github.com/electron/electron/pull/39825

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/electron/electron/pull/39825

reference_url

https://github.com/electron/electron/pull/39826

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/electron/electron/pull/39826

reference_url

https://github.com/electron/electron/pull/39827

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/electron/electron/pull/39827

reference_url

https://github.com/electron/electron/pull/39828

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/electron/electron/pull/39828

reference_url

https://github.com/ImageMagick/ImageMagick/discussions/6664

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/discussions/6664

reference_url

https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc

reference_url

https://github.com/jaredforth/webp/pull/30

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jaredforth/webp/pull/30

reference_url

https://github.com/python-pillow/Pillow/pull/7395

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/7395

reference_url

https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b

reference_url

https://github.com/qnighy/libwebp-sys2-rs/pull/21

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qnighy/libwebp-sys2-rs/pull/21

reference_url

https://github.com/webmproject/libwebp

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/webmproject/libwebp

reference_url

https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a

reference_url

https://github.com/webmproject/libwebp/releases/tag/v1.3.2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://github.com/webmproject/libwebp/releases/tag/v1.3.2

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I

reference_url

https://news.ycombinator.com/item?id=37478403

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://news.ycombinator.com/item?id=37478403

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0060.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0060.html

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0061.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0061.html

reference_url

https://security.gentoo.org/glsa/202309-05

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://security.gentoo.org/glsa/202309-05

reference_url

https://security.gentoo.org/glsa/202401-10

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://security.gentoo.org/glsa/202401-10

reference_url

https://security.netapp.com/advisory/ntap-20230929-0011

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230929-0011

reference_url

https://sethmlarson.dev/security-developer-in-residence-weekly-report-16

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://sethmlarson.dev/security-developer-in-residence-weekly-report-16

reference_url

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863

reference_url

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

reference_url

https://www.bentley.com/advisories/be-2023-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.bentley.com/advisories/be-2023-0001

reference_url

https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks

reference_url

https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/

reference_url

https://www.debian.org/security/2023/dsa-5496

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://www.debian.org/security/2023/dsa-5496

reference_url

https://www.debian.org/security/2023/dsa-5497

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://www.debian.org/security/2023/dsa-5497

reference_url

https://www.debian.org/security/2023/dsa-5498

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://www.debian.org/security/2023/dsa-5498

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	critical
scoring_system	generic_textual
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

reference_url

https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863

reference_url

http://www.openwall.com/lists/oss-security/2023/09/21/4

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/21/4

reference_url

http://www.openwall.com/lists/oss-security/2023/09/22/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/22/1

reference_url

http://www.openwall.com/lists/oss-security/2023/09/22/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/22/3

reference_url

http://www.openwall.com/lists/oss-security/2023/09/22/4

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/22/4

reference_url

http://www.openwall.com/lists/oss-security/2023/09/22/5

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/22/5

reference_url

http://www.openwall.com/lists/oss-security/2023/09/22/6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/22/6

reference_url

http://www.openwall.com/lists/oss-security/2023/09/22/7

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/22/7

reference_url

http://www.openwall.com/lists/oss-security/2023/09/22/8

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/22/8

reference_url

http://www.openwall.com/lists/oss-security/2023/09/26/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/26/1

reference_url

http://www.openwall.com/lists/oss-security/2023/09/26/7

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/26/7

reference_url

http://www.openwall.com/lists/oss-security/2023/09/28/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/28/1

reference_url

http://www.openwall.com/lists/oss-security/2023/09/28/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/28/2

reference_url

http://www.openwall.com/lists/oss-security/2023/09/28/4

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

http://www.openwall.com/lists/oss-security/2023/09/28/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
reference_id	1051787
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2238431
reference_id	2238431
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2238431

reference_url

https://www.bentley.com/advisories/be-2023-0001/

reference_id

be-2023-0001

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://www.bentley.com/advisories/be-2023-0001/

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863

reference_id

CVE-2023-4863

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863

reference_url

https://security-tracker.debian.org/tracker/CVE-2023-4863

reference_id

CVE-2023-4863

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://security-tracker.debian.org/tracker/CVE-2023-4863

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/

reference_id

KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/

reference_url

https://security.netapp.com/advisory/ntap-20230929-0011/

reference_id

ntap-20230929-0011

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/

url

https://security.netapp.com/advisory/ntap-20230929-0011/

reference_url	https://access.redhat.com/errata/RHSA-2023:5183
reference_id	RHSA-2023:5183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5183

reference_url	https://access.redhat.com/errata/RHSA-2023:5184
reference_id	RHSA-2023:5184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5184

reference_url	https://access.redhat.com/errata/RHSA-2023:5185
reference_id	RHSA-2023:5185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5185

reference_url	https://access.redhat.com/errata/RHSA-2023:5186
reference_id	RHSA-2023:5186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5186

reference_url	https://access.redhat.com/errata/RHSA-2023:5187
reference_id	RHSA-2023:5187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5187

reference_url	https://access.redhat.com/errata/RHSA-2023:5188
reference_id	RHSA-2023:5188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5188

reference_url	https://access.redhat.com/errata/RHSA-2023:5189
reference_id	RHSA-2023:5189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5189

reference_url	https://access.redhat.com/errata/RHSA-2023:5190
reference_id	RHSA-2023:5190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5190

reference_url	https://access.redhat.com/errata/RHSA-2023:5191
reference_id	RHSA-2023:5191
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5191

reference_url	https://access.redhat.com/errata/RHSA-2023:5192
reference_id	RHSA-2023:5192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5192

reference_url	https://access.redhat.com/errata/RHSA-2023:5197
reference_id	RHSA-2023:5197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5197

reference_url	https://access.redhat.com/errata/RHSA-2023:5198
reference_id	RHSA-2023:5198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5198

reference_url	https://access.redhat.com/errata/RHSA-2023:5200
reference_id	RHSA-2023:5200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5200

reference_url	https://access.redhat.com/errata/RHSA-2023:5201
reference_id	RHSA-2023:5201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5201

reference_url	https://access.redhat.com/errata/RHSA-2023:5202
reference_id	RHSA-2023:5202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5202

reference_url	https://access.redhat.com/errata/RHSA-2023:5204
reference_id	RHSA-2023:5204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5204

reference_url	https://access.redhat.com/errata/RHSA-2023:5205
reference_id	RHSA-2023:5205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5205

reference_url	https://access.redhat.com/errata/RHSA-2023:5214
reference_id	RHSA-2023:5214
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5214

100

reference_url	https://access.redhat.com/errata/RHSA-2023:5222
reference_id	RHSA-2023:5222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5222

101

reference_url	https://access.redhat.com/errata/RHSA-2023:5223
reference_id	RHSA-2023:5223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5223

102

reference_url	https://access.redhat.com/errata/RHSA-2023:5224
reference_id	RHSA-2023:5224
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5224

103

reference_url	https://access.redhat.com/errata/RHSA-2023:5236
reference_id	RHSA-2023:5236
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5236

104

reference_url	https://access.redhat.com/errata/RHSA-2023:5309
reference_id	RHSA-2023:5309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5309

105

reference_url	https://usn.ubuntu.com/6367-1/
reference_id	USN-6367-1
reference_type
scores
url	https://usn.ubuntu.com/6367-1/

106

reference_url	https://usn.ubuntu.com/6368-1/
reference_id	USN-6368-1
reference_type
scores
url	https://usn.ubuntu.com/6368-1/

107

reference_url	https://usn.ubuntu.com/6369-1/
reference_id	USN-6369-1
reference_type
scores
url	https://usn.ubuntu.com/6369-1/

108

reference_url	https://usn.ubuntu.com/6369-2/
reference_id	USN-6369-2
reference_type
scores
url	https://usn.ubuntu.com/6369-2/

fixed_packages

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2023-4863, GHSA-j7hp-h8jx-5ppr

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdzj-kqfy-d3b7

url VCID-wcer-d6dm-w3ch

vulnerability_id VCID-wcer-d6dm-w3ch

summary libwebp: out-of-bounds read in WebPMuxCreateInternal

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25009.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25009.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25009

reference_id

reference_type

scores

value	0.00447
scoring_system	epss
scoring_elements	0.63413
published_at	2026-04-01T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63472
published_at	2026-04-02T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63499
published_at	2026-04-13T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63464
published_at	2026-04-07T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63516
published_at	2026-04-08T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63533
published_at	2026-04-12T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63549
published_at	2026-04-11T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63535
published_at	2026-04-16T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63543
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956917
reference_id	1956917
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956917

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2018-25009

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcer-d6dm-w3ch

url VCID-yjus-jmfg-tyfv

vulnerability_id VCID-yjus-jmfg-tyfv

summary libwebp: out-of-bounds read in ShiftBytes()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25013.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-25013

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.33737
published_at	2026-04-01T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34074
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34105
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33964
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34006
published_at	2026-04-08T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34037
published_at	2026-04-11T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33994
published_at	2026-04-12T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.3397
published_at	2026-04-13T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34004
published_at	2026-04-16T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33991
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956926
reference_id	1956926
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956926

reference_url	https://access.redhat.com/errata/RHSA-2021:4231
reference_id	RHSA-2021:4231
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4231

reference_url	https://usn.ubuntu.com/4971-1/
reference_id	USN-4971-1
reference_type
scores
url	https://usn.ubuntu.com/4971-1/

reference_url	https://usn.ubuntu.com/4971-2/
reference_id	USN-4971-2
reference_type
scores
url	https://usn.ubuntu.com/4971-2/

fixed_packages

url pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

purl pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5hzf-gdbj-8ud8

vulnerability	VCID-6z14-frdw-r3dh

vulnerability	VCID-8nht-54x7-gqf1

vulnerability	VCID-9jcb-yrmd-7uen

vulnerability	VCID-e3uc-36mx-mbfv

vulnerability	VCID-ecku-fk4j-s3hr

vulnerability	VCID-hjha-gt3s-s3e3

vulnerability	VCID-k4yg-g6p1-kkbz

vulnerability	VCID-ms2y-xj5p-4ud9

vulnerability	VCID-t16b-mbs7-wfc1

vulnerability	VCID-vdzj-kqfy-d3b7

vulnerability	VCID-wcer-d6dm-w3ch

vulnerability	VCID-yjus-jmfg-tyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2%252Bdeb10u1

url	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
purl	pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

aliases CVE-2018-25013

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjus-jmfg-tyfv

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libwebp@0.6.1-2.1%252Bdeb11u2

Package Instance