Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1052764?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1052764?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.5.2-2%2Bdeb10u1", "type": "deb", "namespace": "debian", "name": "libjpeg-turbo", "version": "1:1.5.2-2+deb10u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:2.1.5-2", "latest_non_vulnerable_version": "1:2.1.5-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60289?format=api", "vulnerability_id": "VCID-77d3-x18w-a7f6", "summary": "Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17541.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17541.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54633", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54743", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65752", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65722", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65757", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65771", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968036", "reference_id": "1968036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968036" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17541", "reference_id": "CVE-2020-17541", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17541" }, { "reference_url": "https://security.gentoo.org/glsa/202405-20", "reference_id": "GLSA-202405-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4288", "reference_id": "RHSA-2021:4288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4288" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" }, { "reference_url": "https://usn.ubuntu.com/5631-1/", "reference_id": "USN-5631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5631-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2020-17541" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77d3-x18w-a7f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81110?format=api", "vulnerability_id": "VCID-a3r5-u4q5-efhk", "summary": "libjpeg-turbo: Null pointer dereference in jcopy_sample_rows() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35538.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35538.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07135", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0729", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07374", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07344", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07268", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07394", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35538" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122387", "reference_id": "2122387", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122387" }, { "reference_url": "https://usn.ubuntu.com/5631-1/", "reference_id": "USN-5631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5631-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2020-35538" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3r5-u4q5-efhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83261?format=api", "vulnerability_id": "VCID-adpa-bp3z-vbhn", "summary": "libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53174", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.5328", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53256", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53294", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.533", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53198", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.5319", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53273", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258" }, { "reference_url": "https://github.com/mozilla/mozjpeg/issues/299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mozilla/mozjpeg/issues/299" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687424", "reference_id": "1687424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687424" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924678", "reference_id": "924678", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924678" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14498", "reference_id": "CVE-2018-14498", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3705", "reference_id": "RHSA-2019:3705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3705" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2018-14498" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adpa-bp3z-vbhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58214?format=api", "vulnerability_id": "VCID-rgsc-btdd-m3he", "summary": "An information disclosure vulnerability in libjpeg-turbo allow\n remote attackers to obtain sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13790.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65158", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65208", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65279", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65267", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65284", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847155", "reference_id": "1847155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847155" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962829", "reference_id": "962829", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962829" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790", "reference_id": "CVE-2020-13790", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790" }, { "reference_url": "https://security.gentoo.org/glsa/202010-03", "reference_id": "GLSA-202010-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202010-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7540", "reference_id": "RHSA-2025:7540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7540" }, { "reference_url": "https://usn.ubuntu.com/4386-1/", "reference_id": "USN-4386-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4386-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2020-13790" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgsc-btdd-m3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83400?format=api", "vulnerability_id": "VCID-tvq2-6ujj-7yet", "summary": "libjpeg: \"cjpeg\" utility large loop because read_pixel in rdtarga.c mishandles EOF", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45702", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48108", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48159", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48154", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48049", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48097", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4812", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48095", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11813" }, { "reference_url": "https://bugs.gentoo.org/727908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/727908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf" }, { "reference_url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c" }, { "reference_url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588803", "reference_id": "1588803", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588803" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904719", "reference_id": "904719", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904719" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11813", "reference_id": "CVE-2018-11813", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://usn.ubuntu.com/5497-1/", "reference_id": "USN-5497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5497-1/" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" }, { "reference_url": "https://usn.ubuntu.com/5631-1/", "reference_id": "USN-5631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5631-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5497-2/", "reference_id": "USN-USN-5497-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5497-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2018-11813" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvq2-6ujj-7yet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83911?format=api", "vulnerability_id": "VCID-ugd8-a68r-hugj", "summary": "libjpeg-turbo: NULL pointer dereference in jdpostct.c and jquant1.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67885", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67979", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67981", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67946", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67984", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67997", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67908", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67906", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67957", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67971", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67995", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182" }, { "reference_url": "https://github.com/mozilla/mozjpeg/issues/268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mozilla/mozjpeg/issues/268" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500678", "reference_id": "1500678", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500678" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878567", "reference_id": "878567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878567" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15232", "reference_id": "CVE-2017-15232", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15232" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2017-15232" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugd8-a68r-hugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48088?format=api", "vulnerability_id": "VCID-w4km-zqts-3bhv", "summary": "Several integer overflows in libjpeg-turbo might allow an attacker\n to execute arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77809", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77897", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77869", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77868", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77904", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77825", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77884", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2201" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/" }, { "reference_url": "https://source.android.com/security/bulletin/2019-11-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://source.android.com/security/bulletin/2019-11-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770982", "reference_id": "1770982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770982" }, { "reference_url": "https://security.archlinux.org/AVG-1067", "reference_id": "AVG-1067", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1067" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2201", "reference_id": "CVE-2019-2201", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2201" }, { "reference_url": "https://security.gentoo.org/glsa/202003-23", "reference_id": "GLSA-202003-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-23" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2019-2201" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4km-zqts-3bhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83393?format=api", "vulnerability_id": "VCID-zqqx-68x1-h3ak", "summary": "libjpeg-turbo: Divide by zero allows for denial of service via crafted BMP image", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72955", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73011", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73053", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73063", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72963", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73039", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73018", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html" }, { "reference_url": "https://www.tenable.com/security/research/tra-2018-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/research/tra-2018-17" }, { "reference_url": "http://www.securityfocus.com/bid/104543", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104543" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593554", "reference_id": "1593554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902950", "reference_id": "902950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902950" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1152", "reference_id": "CVE-2018-1152", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1152" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" }, { "reference_url": "https://usn.ubuntu.com/3706-2/", "reference_id": "USN-3706-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994480?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4" } ], "aliases": [ "CVE-2018-1152" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqqx-68x1-h3ak" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81194?format=api", "vulnerability_id": "VCID-vrpv-znq2-6yd9", "summary": "libjpeg: improper handling of max_memory_to_use setting can lead to excessive memory consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78593", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.786", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78637", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78643", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78668", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.7865", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78672", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.7867", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78667", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14152" }, { "reference_url": "https://bugs.gentoo.org/727908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/727908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849026", "reference_id": "1849026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849026" }, { "reference_url": "https://usn.ubuntu.com/5497-1/", "reference_id": "USN-5497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5497-1/" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5497-2/", "reference_id": "USN-USN-5497-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5497-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052764?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.5.2-2%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-77d3-x18w-a7f6" }, { "vulnerability": "VCID-a3r5-u4q5-efhk" }, { "vulnerability": "VCID-adpa-bp3z-vbhn" }, { "vulnerability": "VCID-rgsc-btdd-m3he" }, { "vulnerability": "VCID-tvq2-6ujj-7yet" }, { "vulnerability": "VCID-ugd8-a68r-hugj" }, { "vulnerability": "VCID-w4km-zqts-3bhv" }, { "vulnerability": "VCID-zqqx-68x1-h3ak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.5.2-2%252Bdeb10u1" } ], "aliases": [ "CVE-2020-14152" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrpv-znq2-6yd9" } ], "risk_score": "4.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.5.2-2%252Bdeb10u1" }