Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/174089?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "exiv2", "version": "0.28.5+dfsg-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.28.7+dfsg-2", "latest_non_vulnerable_version": "0.28.8+dfsg-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324966?format=api", "vulnerability_id": "VCID-9nxb-v8b8-bkcf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27596.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27596.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27596", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1928", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27596" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443991", "reference_id": "2443991", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443991" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/3511", "reference_id": "3511", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:25:12Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/3511" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3512", "reference_id": "3512", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:25:12Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/3512" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4", "reference_id": "eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:25:12Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7", "reference_id": "GHSA-3wgv-fg4w-75x7", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:25:12Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7" }, { "reference_url": "https://security.gentoo.org/glsa/202603-01", "reference_id": "GLSA-202603-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202603-01" }, { "reference_url": "https://usn.ubuntu.com/8103-1/", "reference_id": "USN-8103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-27596" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nxb-v8b8-bkcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324202?format=api", "vulnerability_id": "VCID-bpyz-ymzy-zufs", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19933", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443992", "reference_id": "2443992", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443992" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3462", "reference_id": "3462", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:15:01Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/3462" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d", "reference_id": "cbba4d206512fe63e12d164fdd1881562f072a9d", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:15:01Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp", "reference_id": "GHSA-9mxq-4j5g-5wrp", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:15:01Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp" }, { "reference_url": "https://security.gentoo.org/glsa/202603-01", "reference_id": "GLSA-202603-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202603-01" }, { "reference_url": "https://usn.ubuntu.com/8103-1/", "reference_id": "USN-8103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-25884" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bpyz-ymzy-zufs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/307197?format=api", "vulnerability_id": "VCID-cs4q-3rwr-vke4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55304.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01432", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55304" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/3333", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T15:26:15Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/3333" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3335", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T15:26:15Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/3335" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3345", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T15:26:15Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/3345" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T15:26:15Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55304", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55304" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112506", "reference_id": "1112506", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112506" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391806", "reference_id": "2391806", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391806" }, { "reference_url": "https://github.com/advisories/GHSA-m54q-mm9w-fp6g", "reference_id": "GHSA-m54q-mm9w-fp6g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m54q-mm9w-fp6g" }, { "reference_url": "https://usn.ubuntu.com/8103-1/", "reference_id": "USN-8103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-1/" }, { "reference_url": "https://usn.ubuntu.com/8103-2/", "reference_id": "USN-8103-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174104?format=api", "purl": "pkg:deb/debian/exiv2@0.28.7%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.7%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-55304", "GHSA-m54q-mm9w-fp6g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs4q-3rwr-vke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306187?format=api", "vulnerability_id": "VCID-p48j-jh17-7fa9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07259", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54080" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T14:58:11Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T14:58:11Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54080", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54080" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112505", "reference_id": "1112505", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112505" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391789", "reference_id": "2391789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391789" }, { "reference_url": "https://github.com/advisories/GHSA-496f-x7cq-cq39", "reference_id": "GHSA-496f-x7cq-cq39", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-496f-x7cq-cq39" }, { "reference_url": "https://usn.ubuntu.com/8103-1/", "reference_id": "USN-8103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174104?format=api", "purl": "pkg:deb/debian/exiv2@0.28.7%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.7%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54080", "GHSA-496f-x7cq-cq39" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p48j-jh17-7fa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324985?format=api", "vulnerability_id": "VCID-yyhh-t98b-cyen", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27631.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11753", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443986", "reference_id": "2443986", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443986" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/3513", "reference_id": "3513", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:27:04Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/3513" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3514", "reference_id": "3514", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:27:04Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/3514" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df", "reference_id": "659db316eef745899a778a1e0b760a971d1b69df", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:27:04Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j", "reference_id": "GHSA-p2pw-7935-c73j", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-02T20:27:04Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j" }, { "reference_url": "https://security.gentoo.org/glsa/202603-01", "reference_id": "GLSA-202603-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202603-01" }, { "reference_url": "https://usn.ubuntu.com/8103-1/", "reference_id": "USN-8103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-27631" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyhh-t98b-cyen" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138503?format=api", "vulnerability_id": "VCID-1da7-wda3-queu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61837", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13109" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13109" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1da7-wda3-queu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6469?format=api", "vulnerability_id": "VCID-1drr-66v7-w3dc", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39083", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29470" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987450", "reference_id": "987450", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987450" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4941-1/", "reference_id": "USN-4941-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4941-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29470" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1drr-66v7-w3dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6421?format=api", "vulnerability_id": "VCID-1hkp-4mcp-xudq", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37621", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24801", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37621" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37621" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hkp-4mcp-xudq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/289460?format=api", "vulnerability_id": "VCID-2fxp-9tg3-13ax", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01101", "scoring_system": "epss", "scoring_elements": "0.78351", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26623" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:53:08Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/3168" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3174", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2/pull/3174" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:53:08Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7" }, { "reference_url": "https://github.com/jim-easterbrook/python-exiv2/commit/4cc875e392f9e0bc705fe03d929b9a382b78dae4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jim-easterbrook/python-exiv2/commit/4cc875e392f9e0bc705fe03d929b9a382b78dae4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26623", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26623" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098323", "reference_id": "1098323", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098323" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346345", "reference_id": "2346345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346345" }, { "reference_url": "https://github.com/advisories/GHSA-38h4-fx85-qcx7", "reference_id": "GHSA-38h4-fx85-qcx7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-38h4-fx85-qcx7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7457", "reference_id": "RHSA-2025:7457", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174103?format=api", "purl": "pkg:deb/debian/exiv2@0.28.4%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.4%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26623", "GHSA-38h4-fx85-qcx7" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxp-9tg3-13ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138506?format=api", "vulnerability_id": "VCID-2pcy-h1za-fqan", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01754", "scoring_system": "epss", "scoring_elements": "0.82893", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13112" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13112" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2pcy-h1za-fqan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7427?format=api", "vulnerability_id": "VCID-34hy-1rm1-a7e8", "summary": "There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71346", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9953", "PYSEC-2017-142" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34hy-1rm1-a7e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7506?format=api", "vulnerability_id": "VCID-36ka-wdzd-67ck", "summary": "Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53518", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/06/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2017/06/30/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000128", "PYSEC-2017-117" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36ka-wdzd-67ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7485?format=api", "vulnerability_id": "VCID-3ew5-wbe3-h3bk", "summary": "An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30098", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494467", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494467" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14864", "PYSEC-2017-137" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ew5-wbe3-h3bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7617?format=api", "vulnerability_id": "VCID-3g4k-cfrf-13b4", "summary": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68144", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17230" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/455", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17230", "PYSEC-2018-137" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g4k-cfrf-13b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38501?format=api", "vulnerability_id": "VCID-3g84-3u2b-73c6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12841", "scoring_system": "epss", "scoring_elements": "0.94153", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4676" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/27140.txt", "reference_id": "CVE-2005-4676;OSVDB-22760", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/27140.txt" }, { "reference_url": "https://www.securityfocus.com/bid/16400/info", "reference_id": "CVE-2005-4676;OSVDB-22760", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/16400/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174086?format=api", "purl": "pkg:deb/debian/exiv2@0.9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-4676" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g84-3u2b-73c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5422?format=api", "vulnerability_id": "VCID-3q1t-4rek-qkfg", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63839", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17724" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524107", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524107" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/263", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/263" }, { "reference_url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17724", "PYSEC-2018-123" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q1t-4rek-qkfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6471?format=api", "vulnerability_id": "VCID-47rx-t69a-hbhd", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27275", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29463" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b", "reference_id": "783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:39Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988241", "reference_id": "988241", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988241" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr", "reference_id": "GHSA-5p8g-9xf3-gfrr", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:39Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3HKXR6JOVKMBE4HY4FDXNVZGNCQG6T3/", "reference_id": "K3HKXR6JOVKMBE4HY4FDXNVZGNCQG6T3", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3HKXR6JOVKMBE4HY4FDXNVZGNCQG6T3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDMZTVQAZSMLPTDVDYLBHAAF7I5QXVYQ/", "reference_id": "NDMZTVQAZSMLPTDVDYLBHAAF7I5QXVYQ", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDMZTVQAZSMLPTDVDYLBHAAF7I5QXVYQ/" }, { "reference_url": "https://usn.ubuntu.com/4964-1/", "reference_id": "USN-4964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4964-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29463" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47rx-t69a-hbhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135040?format=api", "vulnerability_id": "VCID-4cba-afw2-g3dv", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58773", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9144" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cba-afw2-g3dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7434?format=api", "vulnerability_id": "VCID-4cep-sxy3-y3da", "summary": "There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80648", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11340" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470950", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470950" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11340", "PYSEC-2017-122" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cep-sxy3-y3da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6423?format=api", "vulnerability_id": "VCID-4nf2-ska4-bkbc", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22539", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37619" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37619" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nf2-ska4-bkbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7518?format=api", "vulnerability_id": "VCID-4tfz-pw1x-rua9", "summary": "Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58367", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18005" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/168", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/168" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885981", "reference_id": "885981", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-18005", "PYSEC-2017-141" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tfz-pw1x-rua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7637?format=api", "vulnerability_id": "VCID-5b9r-5f28-9udx", "summary": "In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02159", "scoring_system": "epss", "scoring_elements": "0.84558", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19107" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/427", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/427" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/518", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/pull/518" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/4056-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/4056-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913273", "reference_id": "913273", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19107", "PYSEC-2018-141" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5b9r-5f28-9udx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7634?format=api", "vulnerability_id": "VCID-5bex-5qhq-8qav", "summary": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69964", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18915" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/511", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18915", "PYSEC-2018-140" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bex-5qhq-8qav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9061?format=api", "vulnerability_id": "VCID-5m46-2feu-yuh1", "summary": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25112.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03619", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25112" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/2337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T20:18:13Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/2337" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T20:18:13Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/exiv2/PYSEC-2024-107.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/exiv2/PYSEC-2024-107.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070392", "reference_id": "1070392", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263981", "reference_id": "2263981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263981" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25112", "reference_id": "CVE-2024-25112", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25112" }, { "reference_url": "https://github.com/advisories/GHSA-crmj-qh74-2r36", "reference_id": "GHSA-crmj-qh74-2r36", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crmj-qh74-2r36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174102?format=api", "purl": "pkg:deb/debian/exiv2@0.28.3%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-25112", "GHSA-crmj-qh74-2r36", "PYSEC-2024-107" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m46-2feu-yuh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6425?format=api", "vulnerability_id": "VCID-5n5d-dugk-e3bm", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22643", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37616" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37616" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5n5d-dugk-e3bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6472?format=api", "vulnerability_id": "VCID-6wrk-qf7u-9bah", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26365", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29458" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987277", "reference_id": "987277", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987277" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4941-1/", "reference_id": "USN-4941-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4941-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29458" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wrk-qf7u-9bah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7728?format=api", "vulnerability_id": "VCID-6xsk-khud-d3e9", "summary": "Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48895", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14368" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/952", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/952" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14368", "PYSEC-2019-244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xsk-khud-d3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6467?format=api", "vulnerability_id": "VCID-73pn-ws8c-9uc2", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54179", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29623" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988481", "reference_id": "988481", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988481" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4964-1/", "reference_id": "USN-4964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4964-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29623" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73pn-ws8c-9uc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7729?format=api", "vulnerability_id": "VCID-84qn-7vjs-5kf2", "summary": "In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.68009", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14370" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/954", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/954" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14370", "PYSEC-2019-246" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84qn-7vjs-5kf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51683?format=api", "vulnerability_id": "VCID-8qts-6p1t-v3hp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0234", "scoring_system": "epss", "scoring_elements": "0.8513", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6353" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456760", "reference_id": "456760", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456760" }, { "reference_url": "https://security.gentoo.org/glsa/200712-16", "reference_id": "GLSA-200712-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200712-16" }, { "reference_url": "https://usn.ubuntu.com/655-1/", "reference_id": "USN-655-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/655-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174090?format=api", "purl": "pkg:deb/debian/exiv2@0.15-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6353" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qts-6p1t-v3hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7640?format=api", "vulnerability_id": "VCID-9c38-fh23-5be9", "summary": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70834", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19607" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/561", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/561" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19607", "PYSEC-2018-143" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9c38-fh23-5be9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6470?format=api", "vulnerability_id": "VCID-9ff3-74m8-63ca", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29464" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988242", "reference_id": "988242", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988242" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4964-1/", "reference_id": "USN-4964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4964-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29464" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ff3-74m8-63ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259643?format=api", "vulnerability_id": "VCID-bn34-fuxj-9few", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34483", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296343", "reference_id": "2296343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296343" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3006", "reference_id": "3006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/3006" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387", "reference_id": "3a28346db5ae1735a8728fe3491b0aecc1dbf387", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh", "reference_id": "GHSA-38rv-8x93-pvrh", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh" }, { "reference_url": "https://security.gentoo.org/glsa/202603-01", "reference_id": "GLSA-202603-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202603-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-39695" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn34-fuxj-9few" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7571?format=api", "vulnerability_id": "VCID-bnp5-trry-wkfg", "summary": "Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.73073", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12265" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/365", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/365" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/blob/master/exiv2/1-out-of-read-Poc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/exiv2/1-out-of-read-Poc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://usn.ubuntu.com/3700-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://usn.ubuntu.com/3700-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://www.debian.org/security/2018/dsa-4238" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901706", "reference_id": "901706", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174096?format=api", "purl": "pkg:deb/debian/exiv2@0.25-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.25-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12265", "PYSEC-2018-132" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnp5-trry-wkfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7566?format=api", "vulnerability_id": "VCID-brur-bbpd-kqdy", "summary": "An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63411", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10999" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/306", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/306" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://usn.ubuntu.com/3700-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3700-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://www.debian.org/security/2018/dsa-4238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174096?format=api", "purl": "pkg:deb/debian/exiv2@0.25-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.25-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10999", "PYSEC-2018-128" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brur-bbpd-kqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6272?format=api", "vulnerability_id": "VCID-bt57-xw55-syep", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.77991", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471772", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-360", "reference_id": "AVG-360", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11553", "PYSEC-2017-123" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt57-xw55-syep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7567?format=api", "vulnerability_id": "VCID-c4mb-fbag-ebgt", "summary": "In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65572", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11037" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/307", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/Exiv2/exiv2/issues/307" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://security.gentoo.org/glsa/201811-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11037", "PYSEC-2018-129" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4mb-fbag-ebgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8136?format=api", "vulnerability_id": "VCID-c735-yd1x-3yg5", "summary": "An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28705", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18899" }, { "reference_url": "https://cwe.mitre.org/data/definitions/789.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T20:38:19Z/" } ], "url": "https://cwe.mitre.org/data/definitions/789.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/742", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T20:38:19Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/742" }, { "reference_url": "https://security.gentoo.org/glsa/202312-06", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T20:38:19Z/" } ], "url": "https://security.gentoo.org/glsa/202312-06" }, { "reference_url": "https://usn.ubuntu.com/8103-1/", "reference_id": "USN-8103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-18899", "PYSEC-2021-879" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c735-yd1x-3yg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6465?format=api", "vulnerability_id": "VCID-cqkb-5w3h-afhu", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74751", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3482" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986888", "reference_id": "986888", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986888" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4941-1/", "reference_id": "USN-4941-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4941-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3482" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqkb-5w3h-afhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6420?format=api", "vulnerability_id": "VCID-csfq-2ahe-bfcj", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29484", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37622" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37622" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-csfq-2ahe-bfcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7516?format=api", "vulnerability_id": "VCID-cvwj-k4eh-y3gv", "summary": "There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42639", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17669" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/187", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/187" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886006", "reference_id": "886006", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17669", "PYSEC-2017-140" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvwj-k4eh-y3gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7550?format=api", "vulnerability_id": "VCID-dmr9-q5fy-m7ab", "summary": "In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57578", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9145" }, { "reference_url": "https://bugzilla.novell.com/show_bug.cgi?id=1087879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=1087879" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564281", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564281" }, { "reference_url": "https://github.com/xiaoqx/pocs/tree/master/exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/xiaoqx/pocs/tree/master/exiv2" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9145", "PYSEC-2018-148" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmr9-q5fy-m7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6427?format=api", "vulnerability_id": "VCID-dqcd-es1a-wydx", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22643", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34335" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992707", "reference_id": "992707", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992707" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-34335" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqcd-es1a-wydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7568?format=api", "vulnerability_id": "VCID-e5qp-n5q8-wuh2", "summary": "Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0144", "scoring_system": "epss", "scoring_elements": "0.81034", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11531" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/283", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/283" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://usn.ubuntu.com/3700-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://usn.ubuntu.com/3700-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://www.debian.org/security/2018/dsa-4238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174096?format=api", "purl": "pkg:deb/debian/exiv2@0.25-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.25-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11531", "PYSEC-2018-130" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5qp-n5q8-wuh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7527?format=api", "vulnerability_id": "VCID-ecr6-49kf-7bht", "summary": "In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62678", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/216", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/216" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "http://www.securityfocus.com/bid/102789", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.securityfocus.com/bid/102789" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5772", "PYSEC-2018-145" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecr6-49kf-7bht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6428?format=api", "vulnerability_id": "VCID-edm5-bxe4-8bdn", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34334", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29484", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34334" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992706", "reference_id": "992706", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992706" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-34334" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edm5-bxe4-8bdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7719?format=api", "vulnerability_id": "VCID-emda-3cut-ufft", "summary": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02667", "scoring_system": "epss", "scoring_elements": "0.8606", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13114" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/793", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/793" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/815", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/pull/815" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/" }, { "reference_url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://usn.ubuntu.com/4056-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/4056-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13114", "PYSEC-2019-257" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emda-3cut-ufft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7606?format=api", "vulnerability_id": "VCID-f2kg-mqkt-hye5", "summary": "Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53816", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16336" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/400", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/400" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916081", "reference_id": "916081", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916081" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-16336", "PYSEC-2018-135" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2kg-mqkt-hye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6468?format=api", "vulnerability_id": "VCID-fa4t-ynj5-wqhk", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34376", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29473" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987736", "reference_id": "987736", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987736" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4964-1/", "reference_id": "USN-4964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4964-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29473" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fa4t-ynj5-wqhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7616?format=api", "vulnerability_id": "VCID-fdh1-mdeh-fuhz", "summary": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68144", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17229" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/453", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/453" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17229", "PYSEC-2018-136" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdh1-mdeh-fuhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7484?format=api", "vulnerability_id": "VCID-fdvv-ua8m-sfb2", "summary": "There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58892", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494787", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14861", "PYSEC-2017-134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdvv-ua8m-sfb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7570?format=api", "vulnerability_id": "VCID-fe2x-szc6-8yc5", "summary": "Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.73073", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12264" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/366", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/366" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://usn.ubuntu.com/3700-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://usn.ubuntu.com/3700-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://www.debian.org/security/2018/dsa-4238" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901707", "reference_id": "901707", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901707" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174096?format=api", "purl": "pkg:deb/debian/exiv2@0.25-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.25-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12264", "PYSEC-2018-131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fe2x-szc6-8yc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7507?format=api", "vulnerability_id": "VCID-fqdu-uxh9-s3h5", "summary": "exiv2 0.26 contains a Stack out of bounds read in webp parser", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55299", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000126" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/06/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2017/06/30/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000126", "PYSEC-2017-115" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqdu-uxh9-s3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138507?format=api", "vulnerability_id": "VCID-fwtr-yyg7-xkcs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44792", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13113" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13113" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwtr-yyg7-xkcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7647?format=api", "vulnerability_id": "VCID-ggen-9gsf-gqcn", "summary": "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75483", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20099" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/590", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/590" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20099", "PYSEC-2018-120" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggen-9gsf-gqcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7585?format=api", "vulnerability_id": "VCID-gmsz-q9xq-77h5", "summary": "Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14046", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59471", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14046" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/378", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14046", "PYSEC-2018-133" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmsz-q9xq-77h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7482?format=api", "vulnerability_id": "VCID-gw4v-zhgk-6ugv", "summary": "There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.543", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494778", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494778" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14865", "PYSEC-2017-138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gw4v-zhgk-6ugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7619?format=api", "vulnerability_id": "VCID-gzpk-1j6q-q7c8", "summary": "CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48703", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17581" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/460" }, { "reference_url": "https://github.com/SegfaultMasters/covering360/blob/master/Exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/SegfaultMasters/covering360/blob/master/Exiv2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910060", "reference_id": "910060", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910060" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17581", "PYSEC-2018-139" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzpk-1j6q-q7c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8858?format=api", "vulnerability_id": "VCID-hdp9-r2a5-4yfk", "summary": "Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.76168", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18831" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/828", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-04T16:32:06Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/828" }, { "reference_url": "https://www.exiv2.org/download.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-04T16:32:06Z/" } ], "url": "https://www.exiv2.org/download.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-18831", "PYSEC-2023-150" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdp9-r2a5-4yfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7483?format=api", "vulnerability_id": "VCID-hpr1-3jra-cugj", "summary": "A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51446", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14863" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494443", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494443" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14863", "PYSEC-2017-136" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpr1-3jra-cugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9062?format=api", "vulnerability_id": "VCID-jtxa-kc5c-z7cr", "summary": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12783", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24826" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/2337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:27:39Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/2337" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:27:39Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/exiv2/PYSEC-2024-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/exiv2/PYSEC-2024-106.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070392", "reference_id": "1070392", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263978", "reference_id": "2263978", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263978" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24826", "reference_id": "CVE-2024-24826", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24826" }, { "reference_url": "https://github.com/advisories/GHSA-g9xm-7538-mq8w", "reference_id": "GHSA-g9xm-7538-mq8w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9xm-7538-mq8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174102?format=api", "purl": "pkg:deb/debian/exiv2@0.28.3%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-24826", "GHSA-g9xm-7538-mq8w", "PYSEC-2024-106" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtxa-kc5c-z7cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6419?format=api", "vulnerability_id": "VCID-jwdk-xcwp-bubj", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25948", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37623" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37623" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwdk-xcwp-bubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135120?format=api", "vulnerability_id": "VCID-k4me-ppbq-tyev", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63021", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9303" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4me-ppbq-tyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138504?format=api", "vulnerability_id": "VCID-k5ks-esna-vqgj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01432", "scoring_system": "epss", "scoring_elements": "0.80988", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13110" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5ks-esna-vqgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7548?format=api", "vulnerability_id": "VCID-kg5f-jtu6-g3ep", "summary": "In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56904", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8977" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/247", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/247" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-8977", "PYSEC-2018-147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kg5f-jtu6-g3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7549?format=api", "vulnerability_id": "VCID-m6zd-sa8b-4yf1", "summary": "In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.70035", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8976" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/246", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/246" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903813", "reference_id": "903813", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903813" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-8976", "PYSEC-2018-146" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6zd-sa8b-4yf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138505?format=api", "vulnerability_id": "VCID-mjeh-k2rm-rqb7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52045", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13111" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjeh-k2rm-rqb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7674?format=api", "vulnerability_id": "VCID-mnj7-np9p-qkb8", "summary": "An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63945", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/711", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/711" }, { "reference_url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/" }, { "reference_url": "http://www.securityfocus.com/bid/107161", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "http://www.securityfocus.com/bid/107161" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923472", "reference_id": "923472", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174098?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9143", "PYSEC-2019-248" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mnj7-np9p-qkb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7488?format=api", "vulnerability_id": "VCID-mvm5-2695-qbcp", "summary": "There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53404", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14860" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14860", "PYSEC-2017-133" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mvm5-2695-qbcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5421?format=api", "vulnerability_id": "VCID-n22c-535q-c7fk", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68689", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17725" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525055", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525055" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/188", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/188" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17725", "PYSEC-2018-124" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n22c-535q-c7fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7675?format=api", "vulnerability_id": "VCID-nrk3-vu7c-2fgf", "summary": "An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77499", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/712", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/712" }, { "reference_url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/" }, { "reference_url": "http://www.securityfocus.com/bid/107161", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "http://www.securityfocus.com/bid/107161" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923473", "reference_id": "923473", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923473" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174098?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9144", "PYSEC-2019-249" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrk3-vu7c-2fgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7031?format=api", "vulnerability_id": "VCID-pfrj-s55f-7ubw", "summary": "Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to \"pretty printing\" and the RationalValue::toLong function.", "references": [ { "reference_url": "http://bugzilla.gnome.org/show_bug.cgi?id=524715", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=524715" }, { "reference_url": "http://dev.robotbattle.com/bugs/view.php?id=0000546", "reference_id": "", "reference_type": "", "scores": [], "url": "http://dev.robotbattle.com/bugs/view.php?id=0000546" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01783", "scoring_system": "epss", "scoring_elements": "0.83044", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2696" }, { "reference_url": "http://secunia.com/advisories/30519", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30519" }, { "reference_url": "http://secunia.com/advisories/32273", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32273" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42885" }, { "reference_url": "http://www.exiv2.org/changelog.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.exiv2.org/changelog.html" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:119", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:119" }, { "reference_url": "http://www.securityfocus.com/bid/29586", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/29586" }, { "reference_url": "http://www.ubuntu.com/usn/usn-655-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-655-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1766/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1766/references" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486328", "reference_id": "486328", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486328" }, { "reference_url": "https://usn.ubuntu.com/655-1/", "reference_id": "USN-655-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/655-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174091?format=api", "purl": "pkg:deb/debian/exiv2@0.17-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.17-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-2696", "PYSEC-2008-11" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pfrj-s55f-7ubw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5423?format=api", "vulnerability_id": "VCID-pkky-6mv5-fbf5", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.70115", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17723" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524104", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524104" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17723", "PYSEC-2018-122" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkky-6mv5-fbf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7430?format=api", "vulnerability_id": "VCID-pxbu-xjp3-33g6", "summary": "There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71548", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11339" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470946", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470946" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11339", "PYSEC-2017-121" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxbu-xjp3-33g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6466?format=api", "vulnerability_id": "VCID-pxbv-ypp8-wkfs", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22765", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988731", "reference_id": "988731", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988731" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4964-1/", "reference_id": "USN-4964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4964-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-32617" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxbv-ypp8-wkfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7480?format=api", "vulnerability_id": "VCID-pzdn-jtdg-3qdf", "summary": "An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30098", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14862" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494786", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494786" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14862", "PYSEC-2017-135" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pzdn-jtdg-3qdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7727?format=api", "vulnerability_id": "VCID-qcba-zevg-1kc4", "summary": "Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14369", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.68009", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14369" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/953", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/953" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14369", "PYSEC-2019-245" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qcba-zevg-1kc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6473?format=api", "vulnerability_id": "VCID-qeax-4cn4-8ya7", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01509", "scoring_system": "epss", "scoring_elements": "0.81491", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29457" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991705", "reference_id": "991705", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991705" }, { "reference_url": "https://security.archlinux.org/ASA-202106-54", "reference_id": "ASA-202106-54", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-54" }, { "reference_url": "https://security.archlinux.org/AVG-1772", "reference_id": "AVG-1772", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1772" }, { "reference_url": "https://usn.ubuntu.com/4941-1/", "reference_id": "USN-4941-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4941-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174100?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174099?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29457" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qeax-4cn4-8ya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8938?format=api", "vulnerability_id": "VCID-qec9-b8pt-1fav", "summary": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.7102", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44398" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:14:54Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:14:54Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248428", "reference_id": "2248428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-44398", "GHSA-hrw9-ggg3-3r4r", "PYSEC-2023-233" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qec9-b8pt-1fav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7646?format=api", "vulnerability_id": "VCID-qg38-45nz-43aj", "summary": "There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02356", "scoring_system": "epss", "scoring_elements": "0.8518", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20097" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/590", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/590" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20097", "PYSEC-2018-118" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg38-45nz-43aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7489?format=api", "vulnerability_id": "VCID-rce6-k1du-g7es", "summary": "In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49621", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14857" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495043", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495043" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14857", "PYSEC-2017-130" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rce6-k1du-g7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7421?format=api", "vulnerability_id": "VCID-rf2d-157m-gfeb", "summary": "An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.", "references": [ { "reference_url": "http://dev.exiv2.org/issues/1295", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://dev.exiv2.org/issues/1295" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38503", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/lolo-pop/poc/tree/master/Segmentation%20fault%20in%20convert-test%28exiv2%29", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/lolo-pop/poc/tree/master/Segmentation%20fault%20in%20convert-test%28exiv2%29" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" }, { "reference_url": "http://www.securityfocus.com/bid/98720", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.securityfocus.com/bid/98720" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863410", "reference_id": "863410", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863410" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174095?format=api", "purl": "pkg:deb/debian/exiv2@0.25-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.25-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9239", "PYSEC-2017-112" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf2d-157m-gfeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7520?format=api", "vulnerability_id": "VCID-rkgt-stjs-xufd", "summary": "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5997", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4868" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/202", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/202" }, { "reference_url": "http://www.securityfocus.com/bid/102477", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.securityfocus.com/bid/102477" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-4868", "PYSEC-2018-144" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkgt-stjs-xufd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7435?format=api", "vulnerability_id": "VCID-rv35-x4ra-6be6", "summary": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.77991", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11338" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470913", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470913" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11338", "PYSEC-2017-120" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rv35-x4ra-6be6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7636?format=api", "vulnerability_id": "VCID-rvn8-kt79-d3eh", "summary": "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02159", "scoring_system": "epss", "scoring_elements": "0.84558", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19108" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/426", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/426" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/518", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/pull/518" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/4056-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/4056-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913272", "reference_id": "913272", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19108", "PYSEC-2018-142" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvn8-kt79-d3eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139745?format=api", "vulnerability_id": "VCID-ryb7-2qqb-qqh3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00604", "scoring_system": "epss", "scoring_elements": "0.69931", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14982" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryb7-2qqb-qqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7644?format=api", "vulnerability_id": "VCID-s64f-qnzx-bubw", "summary": "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01025", "scoring_system": "epss", "scoring_elements": "0.7758", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/590", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/590" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20098", "PYSEC-2018-119" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s64f-qnzx-bubw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6422?format=api", "vulnerability_id": "VCID-s8g5-acn3-5kcm", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24701", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" }, { "reference_url": "https://usn.ubuntu.com/5043-2/", "reference_id": "USN-5043-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37620" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8g5-acn3-5kcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7486?format=api", "vulnerability_id": "VCID-sar4-cz86-ckau", "summary": "There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50995", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494782", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14858", "PYSEC-2017-131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sar4-cz86-ckau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138815?format=api", "vulnerability_id": "VCID-sasb-95fn-5yer", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01118", "scoring_system": "epss", "scoring_elements": "0.78534", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13504" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932467", "reference_id": "932467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13504" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sasb-95fn-5yer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7645?format=api", "vulnerability_id": "VCID-se7f-fa3g-gkce", "summary": "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01233", "scoring_system": "epss", "scoring_elements": "0.79501", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/590", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/590" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20096", "PYSEC-2018-117" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-se7f-fa3g-gkce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7760?format=api", "vulnerability_id": "VCID-sgzt-4jf8-1ydq", "summary": "Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49543", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/1019", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/1019" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/4159-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/4159-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946341", "reference_id": "946341", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946341" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174097?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-17402", "PYSEC-2019-247" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgzt-4jf8-1ydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135122?format=api", "vulnerability_id": "VCID-smnc-xde4-qubx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64031", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9305" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9305" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smnc-xde4-qubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=api", "vulnerability_id": "VCID-spkw-mch3-wfgx", "summary": "Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.", "references": [ { "reference_url": "http://dev.exiv2.org/issues/960", "reference_id": "", "reference_type": "", "scores": [], "url": "http://dev.exiv2.org/issues/960" }, { "reference_url": "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263", "reference_id": "", "reference_type": "", "scores": [], "url": "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79693", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9449" }, { "reference_url": "http://secunia.com/advisories/61801", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61801" }, { "reference_url": "https://security.gentoo.org/glsa/201507-03", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-03" }, { "reference_url": "http://www.securityfocus.com/bid/71912", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71912" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2454-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2454-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773846", "reference_id": "773846", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773846" }, { "reference_url": "https://usn.ubuntu.com/2454-1/", "reference_id": "USN-2454-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2454-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174092?format=api", "purl": "pkg:deb/debian/exiv2@0.24-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.24-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9449", "PYSEC-2015-36" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spkw-mch3-wfgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7487?format=api", "vulnerability_id": "VCID-ssty-x6vr-x7au", "summary": "There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50995", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14866" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494781", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14866", "PYSEC-2017-139" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssty-x6vr-x7au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7429?format=api", "vulnerability_id": "VCID-t7nc-z8xa-wyf1", "summary": "There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80648", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11337" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11337", "PYSEC-2017-119" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t7nc-z8xa-wyf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7836?format=api", "vulnerability_id": "VCID-tamr-wy8y-hbfe", "summary": "In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03067", "scoring_system": "epss", "scoring_elements": "0.86967", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20421" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/1011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/1011" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html" }, { "reference_url": "https://usn.ubuntu.com/4270-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/4270-1/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4958", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://www.debian.org/security/2021/dsa-4958" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950183", "reference_id": "950183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950183" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174098?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-20421", "PYSEC-2020-344" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tamr-wy8y-hbfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/122644?format=api", "vulnerability_id": "VCID-tdt2-h77c-uyb1", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68689", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10772" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdt2-h77c-uyb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7447?format=api", "vulnerability_id": "VCID-tv3s-fwey-d3dk", "summary": "There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78562", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12955" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482295", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482295" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12955", "PYSEC-2017-127" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv3s-fwey-d3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7565?format=api", "vulnerability_id": "VCID-u8mb-ndmd-vqd1", "summary": "An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00915", "scoring_system": "epss", "scoring_elements": "0.76237", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10998" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/303", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/303" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://usn.ubuntu.com/3700-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3700-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://www.debian.org/security/2018/dsa-4238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174096?format=api", "purl": "pkg:deb/debian/exiv2@0.25-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.25-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10998", "PYSEC-2018-127" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8mb-ndmd-vqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8120?format=api", "vulnerability_id": "VCID-vfsm-dn9c-bbd6", "summary": "An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.6831", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31292" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/1530", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/1530" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4958", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://www.debian.org/security/2021/dsa-4958" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991706", "reference_id": "991706", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174100?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174099?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31292", "PYSEC-2021-877" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfsm-dn9c-bbd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7448?format=api", "vulnerability_id": "VCID-vh9k-n9af-hbgg", "summary": "There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.77991", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12957", "PYSEC-2017-129" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vh9k-n9af-hbgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7437?format=api", "vulnerability_id": "VCID-vmn7-9b5h-hkds", "summary": "There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11683", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65384", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11683" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475124", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475124" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00013.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" }, { "reference_url": "http://www.securityfocus.com/bid/100030", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.securityfocus.com/bid/100030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11683", "PYSEC-2017-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vmn7-9b5h-hkds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7618?format=api", "vulnerability_id": "VCID-vw1z-mv91-fufm", "summary": "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67415", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/457", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17282", "PYSEC-2018-138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vw1z-mv91-fufm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6424?format=api", "vulnerability_id": "VCID-w7js-9m5w-43aj", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22539", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37618" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7js-9m5w-43aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5420?format=api", "vulnerability_id": "VCID-wwkc-kgy1-t3eu", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4484", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18771" }, { "reference_url": "https://cwe.mitre.org/data/definitions/126.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T19:32:41Z/" } ], "url": "https://cwe.mitre.org/data/definitions/126.html" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/756", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T19:32:41Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/756" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T19:32:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://security.gentoo.org/glsa/202312-06", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T19:32:41Z/" } ], "url": "https://security.gentoo.org/glsa/202312-06" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" }, { "reference_url": "https://usn.ubuntu.com/8103-1/", "reference_id": "USN-8103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-18771", "PYSEC-2021-882" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwkc-kgy1-t3eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7508?format=api", "vulnerability_id": "VCID-x1k5-61p1-bbf5", "summary": "Exiv2 0.26 contains a heap buffer overflow in tiff parser", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58176", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000127" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/06/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2017/06/30/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000127", "PYSEC-2017-116" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1k5-61p1-bbf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6426?format=api", "vulnerability_id": "VCID-x61j-ku11-zuby", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26899", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/1758", "reference_id": "1758", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T15:55:52Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/1758" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w", "reference_id": "GHSA-h9x9-4f77-336w", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T15:55:52Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37615" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x61j-ku11-zuby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7446?format=api", "vulnerability_id": "VCID-xbch-udfq-a3hc", "summary": "There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.77991", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482296", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12956", "PYSEC-2017-128" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbch-udfq-a3hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/128231?format=api", "vulnerability_id": "VCID-xpng-h4ms-hyhp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60254", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19535" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915135", "reference_id": "915135", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915135" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19535" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpng-h4ms-hyhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6429?format=api", "vulnerability_id": "VCID-xrp2-1vrh-yyag", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30127", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32815" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/1739", "reference_id": "1739", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T20:00:12Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/1739" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992705", "reference_id": "992705", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992705" }, { "reference_url": "https://security.archlinux.org/AVG-2265", "reference_id": "AVG-2265", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2265" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m", "reference_id": "GHSA-mv9g-fxh2-m49m", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T20:00:12Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m" }, { "reference_url": "https://usn.ubuntu.com/5043-1/", "reference_id": "USN-5043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5043-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174101?format=api", "purl": "pkg:deb/debian/exiv2@0.27.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-32815" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrp2-1vrh-yyag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5424?format=api", "vulnerability_id": "VCID-xvvp-5nze-jbgp", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.5362", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524116", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17722", "PYSEC-2018-121" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvvp-5nze-jbgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138502?format=api", "vulnerability_id": "VCID-xy57-p93q-suem", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51533", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13108" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13108" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xy57-p93q-suem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8118?format=api", "vulnerability_id": "VCID-yd2u-b7yg-77cw", "summary": "A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74999", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19716" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/980", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/980" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00013.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-19716", "PYSEC-2021-886" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yd2u-b7yg-77cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7481?format=api", "vulnerability_id": "VCID-yhv3-t5ck-3ff6", "summary": "An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30098", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494780", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494780" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14859", "PYSEC-2017-132" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhv3-t5ck-3ff6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6270?format=api", "vulnerability_id": "VCID-ynpf-btmb-4uae", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.77991", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473889" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-360", "reference_id": "AVG-360", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11592", "PYSEC-2017-125" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ynpf-btmb-4uae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135121?format=api", "vulnerability_id": "VCID-z49a-57ju-n7da", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64123", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9304" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9304" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z49a-57ju-n7da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7433?format=api", "vulnerability_id": "VCID-z4d1-7dzq-13ac", "summary": "There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80648", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11336" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470729" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11336", "PYSEC-2017-118" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4d1-7dzq-13ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7562?format=api", "vulnerability_id": "VCID-zcn5-57x6-pfbu", "summary": "Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47017", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10780" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575201", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575201" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174093?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10780", "PYSEC-2018-125" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zcn5-57x6-pfbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6271?format=api", "vulnerability_id": "VCID-zszt-953s-uqh2", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55809", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11591" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473888", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473888" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3852-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3852-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876893", "reference_id": "876893", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876893" }, { "reference_url": "https://security.archlinux.org/AVG-360", "reference_id": "AVG-360", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174094?format=api", "purl": "pkg:deb/debian/exiv2@0.27.2-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.2-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11591", "PYSEC-2017-124" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zszt-953s-uqh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7564?format=api", "vulnerability_id": "VCID-zyyj-29dt-kqay", "summary": "In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0162", "scoring_system": "epss", "scoring_elements": "0.82136", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10958" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/302", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/302" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://usn.ubuntu.com/3700-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://usn.ubuntu.com/3700-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://www.debian.org/security/2018/dsa-4238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/174096?format=api", "purl": "pkg:deb/debian/exiv2@0.25-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.25-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174087?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-pxbv-ypp8-wkfs" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174085?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m46-2feu-yuh1" }, { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-jtxa-kc5c-z7cr" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174089?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nxb-v8b8-bkcf" }, { "vulnerability": "VCID-bpyz-ymzy-zufs" }, { "vulnerability": "VCID-cs4q-3rwr-vke4" }, { "vulnerability": "VCID-p48j-jh17-7fa9" }, { "vulnerability": "VCID-yyhh-t98b-cyen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/174088?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10958", "PYSEC-2018-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyj-29dt-kqay" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }