Package Instance
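Look up vulnerable packages by Package URL (purl). In the response below, the package is marked "is_vulnerable": false; the entries listed under "fixing_vulnerabilities" are vulnerabilities that this package version fixes, not vulnerabilities that affect it.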
GET /api/packages/192581?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "type": "ebuild", "namespace": "media-libs", "name": "tiff", "version": "4.0.2-r1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.0.3-r6", "latest_non_vulnerable_version": "4.5.0-r2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102729?format=api", "vulnerability_id": "VCID-1w9h-z5g1-6kcb", "summary": "LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2631.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05374", "scoring_system": "epss", "scoring_elements": "0.90262", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05374", "scoring_system": "epss", "scoring_elements": "0.90277", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2631" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=611890", "reference_id": "611890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611890" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34279.txt", "reference_id": "CVE-2010-2631;OSVDB-66090", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34279.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41477/info", "reference_id": "CVE-2010-2631;OSVDB-66090", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/41477/info" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2631" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w9h-z5g1-6kcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102719?format=api", "vulnerability_id": "VCID-2ry3-axph-dfbm", "summary": "tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to \"downsampled OJPEG input.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2233.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2233", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.85257", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.8528", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=607198", "reference_id": "607198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607198" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2233" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ry3-axph-dfbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102734?format=api", "vulnerability_id": "VCID-5xej-h5pw-f7hf", "summary": "Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1167.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05526", "scoring_system": "epss", "scoring_elements": "0.90414", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05526", "scoring_system": "epss", "scoring_elements": "0.90428", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619614", "reference_id": "619614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939", "reference_id": "684939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0392", "reference_id": "RHSA-2011:0392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0392" }, { "reference_url": "https://usn.ubuntu.com/1102-1/", "reference_id": "USN-1102-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1102-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], 
"aliases": [ "CVE-2011-1167" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xej-h5pw-f7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102733?format=api", "vulnerability_id": "VCID-76z6-kfju-xfee", "summary": "Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09355", "scoring_system": "epss", "scoring_elements": "0.92927", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09355", "scoring_system": "epss", "scoring_elements": "0.92937", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0192" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=678635", "reference_id": "678635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678635" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": 
"GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0318", "reference_id": "RHSA-2011:0318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0318" }, { "reference_url": "https://usn.ubuntu.com/1085-1/", "reference_id": "USN-1085-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1085-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2011-0192" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76z6-kfju-xfee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102722?format=api", "vulnerability_id": "VCID-8aw8-jxsa-q3eh", "summary": "LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2482.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18826", "scoring_system": "epss", "scoring_elements": "0.95421", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.18826", "scoring_system": "epss", "scoring_elements": "0.95429", "published_at": "2026-06-05T12:55:00Z" } 
], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010", "reference_id": "608010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/14573.txt", "reference_id": "CVE-2010-2482;OSVDB-66083", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/14573.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://usn.ubuntu.com/1085-1/", "reference_id": "USN-1085-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1085-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2482" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8aw8-jxsa-q3eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102714?format=api", "vulnerability_id": "VCID-8sey-6qs1-vbb5", "summary": "Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which 
triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2347.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2347.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01061", "scoring_system": "epss", "scoring_elements": "0.77985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01061", "scoring_system": "epss", "scoring_elements": "0.78012", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=510041", "reference_id": "510041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510041" }, { "reference_url": "https://security.gentoo.org/glsa/200908-03", "reference_id": "GLSA-200908-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200908-03" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1159", "reference_id": "RHSA-2009:1159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1159" }, { "reference_url": "https://usn.ubuntu.com/801-1/", "reference_id": "USN-801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/801-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/506134?format=api", "purl": "pkg:ebuild/media-libs/tiff@3.8.2-r8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@3.8.2-r8" }, { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2009-2347" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sey-6qs1-vbb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102717?format=api", "vulnerability_id": "VCID-adgf-gyyp-9ubc", "summary": "Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02797", "scoring_system": "epss", "scoring_elements": "0.86376", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02797", "scoring_system": "epss", "scoring_elements": "0.86399", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=601274", "reference_id": "601274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=601274" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://usn.ubuntu.com/954-1/", "reference_id": "USN-954-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/954-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2065" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adgf-gyyp-9ubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102731?format=api", "vulnerability_id": "VCID-bqku-p44f-pbda", "summary": "Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4665.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02306", "scoring_system": "epss", 
"scoring_elements": "0.85044", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.85068", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4665" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=695887", "reference_id": "695887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695887" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0519", "reference_id": "RHSA-2010:0519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0519" }, { "reference_url": "https://usn.ubuntu.com/1416-1/", "reference_id": "USN-1416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-4665" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqku-p44f-pbda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102730?format=api", "vulnerability_id": "VCID-d187-r77e-8bhn", "summary": "LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3087.json", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01787", "scoring_system": "epss", "scoring_elements": "0.8308", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01787", "scoring_system": "epss", "scoring_elements": "0.83107", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600188", "reference_id": "600188", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=638301", "reference_id": "638301", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638301" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://usn.ubuntu.com/1085-1/", "reference_id": "USN-1085-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1085-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-3087" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d187-r77e-8bhn" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/102739?format=api", "vulnerability_id": "VCID-fv9j-cd1t-jbd3", "summary": "The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3401.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76323", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682115", "reference_id": "682115", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682115" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=837577", "reference_id": "837577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=837577" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1590", "reference_id": "RHSA-2012:1590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1590" }, { "reference_url": "https://usn.ubuntu.com/1511-1/", "reference_id": "USN-1511-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1511-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2012-3401" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fv9j-cd1t-jbd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102718?format=api", "vulnerability_id": "VCID-htg2-yp29-hban", "summary": "Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.028", "scoring_system": "epss", "scoring_elements": "0.86385", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.028", "scoring_system": "epss", "scoring_elements": "0.86408", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2067" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=599576", "reference_id": "599576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599576" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://usn.ubuntu.com/954-1/", "reference_id": "USN-954-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/954-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2067" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htg2-yp29-hban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102724?format=api", "vulnerability_id": "VCID-hzgv-brm9-akdh", "summary": "The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to \"downsampled OJPEG input.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2595.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2595.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2010-2595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01751", "scoring_system": "epss", "scoring_elements": "0.82908", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01751", "scoring_system": "epss", "scoring_elements": "0.82934", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2595" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2595", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=610684", "reference_id": "610684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=610684" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0519", "reference_id": "RHSA-2010:0519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0519" }, { "reference_url": "https://usn.ubuntu.com/1085-1/", "reference_id": "USN-1085-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1085-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2595" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzgv-brm9-akdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102725?format=api", "vulnerability_id": 
"VCID-jpv7-hgwm-pyh9", "summary": "The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to \"downsampled OJPEG input\" and possibly related to a compiler optimization that triggers a divide-by-zero error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2597.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.81051", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.81079", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=610776", "reference_id": "610776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=610776" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0519", "reference_id": "RHSA-2010:0519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0519" }, { "reference_url": "https://usn.ubuntu.com/1085-1/", "reference_id": "USN-1085-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/1085-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2597" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpv7-hgwm-pyh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102721?format=api", "vulnerability_id": "VCID-kc84-s4s8-t3d2", "summary": "The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2481.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01608", "scoring_system": "epss", "scoring_elements": "0.82086", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01608", "scoring_system": "epss", "scoring_elements": "0.82116", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2481" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=611895", "reference_id": "611895", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=611895" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0519", "reference_id": "RHSA-2010:0519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0519" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2481" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kc84-s4s8-t3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102723?format=api", "vulnerability_id": "VCID-mn52-n2fv-hfds", "summary": "The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2483.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79827", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79852", "published_at": "2026-06-05T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2010-2483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2483" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=611900", "reference_id": "611900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611900" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0519", "reference_id": "RHSA-2010:0519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0519" }, { "reference_url": "https://usn.ubuntu.com/1085-1/", "reference_id": "USN-1085-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1085-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2483" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn52-n2fv-hfds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102728?format=api", "vulnerability_id": "VCID-mx92-rrxt-4qgs", "summary": "The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2630.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03939", "scoring_system": "epss", "scoring_elements": "0.88546", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03939", "scoring_system": "epss", "scoring_elements": "0.88564", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2630" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=611886", "reference_id": "611886", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611886" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34278.txt", "reference_id": "CVE-2010-2630;OSVDB-66089", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34278.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41475/info", "reference_id": "CVE-2010-2630;OSVDB-66089", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/41475/info" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://usn.ubuntu.com/1085-1/", "reference_id": "USN-1085-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1085-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2630" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mx92-rrxt-4qgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4758?format=api", "vulnerability_id": "VCID-sccn-urtk-gbb6", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2596.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2596.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2596", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00999", "scoring_system": "epss", "scoring_elements": "0.77329", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00999", "scoring_system": "epss", "scoring_elements": "0.77358", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2596" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2596", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2596" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=610759", "reference_id": "610759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=610759" }, { "reference_url": "https://security.archlinux.org/ASA-201611-26", "reference_id": "ASA-201611-26", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-26" }, { "reference_url": "https://security.archlinux.org/ASA-201611-27", "reference_id": 
"ASA-201611-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-27" }, { "reference_url": "https://security.archlinux.org/AVG-85", "reference_id": "AVG-85", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-85" }, { "reference_url": "https://security.archlinux.org/AVG-86", "reference_id": "AVG-86", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-86" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0222", "reference_id": "RHSA-2014:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0222" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2596" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sccn-urtk-gbb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102738?format=api", "vulnerability_id": "VCID-sdda-nfpd-wkeq", "summary": "Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2113.json", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2113.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0117", "scoring_system": "epss", "scoring_elements": "0.79003", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0117", "scoring_system": "epss", "scoring_elements": "0.7903", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678140", "reference_id": "678140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810551", "reference_id": "810551", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810551" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1054", "reference_id": "RHSA-2012:1054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1054" }, { "reference_url": "https://usn.ubuntu.com/1498-1/", "reference_id": "USN-1498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2012-2113" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdda-nfpd-wkeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102715?format=api", "vulnerability_id": "VCID-sszm-sw4b-sufy", "summary": "Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16555", "scoring_system": "epss", "scoring_elements": "0.95032", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16555", "scoring_system": "epss", "scoring_elements": "0.9504", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5022" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624287", "reference_id": "624287", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=695885", "reference_id": "695885", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695885" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/22681.txt", "reference_id": "CVE-2009-5022;OSVDB-72260", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/22681.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0452", "reference_id": "RHSA-2011:0452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0452" }, { "reference_url": "https://usn.ubuntu.com/1120-1/", "reference_id": "USN-1120-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1120-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2009-5022" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sszm-sw4b-sufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102736?format=api", "vulnerability_id": "VCID-u6j2-a2em-u3dv", "summary": "Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1173.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06846", "scoring_system": "epss", "scoring_elements": "0.91514", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06846", "scoring_system": "epss", "scoring_elements": "0.91527", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803078", "reference_id": "803078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803078" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0468", "reference_id": "RHSA-2012:0468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0468" }, { "reference_url": "https://usn.ubuntu.com/1416-1/", "reference_id": "USN-1416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2012-1173" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6j2-a2em-u3dv" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/102737?format=api", "vulnerability_id": "VCID-vpnh-b4rq-wqhy", "summary": "Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2088.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02978", "scoring_system": "epss", "scoring_elements": "0.86777", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02978", "scoring_system": "epss", "scoring_elements": "0.86799", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678140", "reference_id": "678140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864", "reference_id": "832864", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1054", "reference_id": "RHSA-2012:1054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1054" }, { "reference_url": "https://usn.ubuntu.com/1498-1/", "reference_id": "USN-1498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2012-2088" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpnh-b4rq-wqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102720?format=api", "vulnerability_id": "VCID-y111-7xx7-k7bm", "summary": "The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2443.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02674", "scoring_system": "epss", "scoring_elements": "0.86105", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02674", "scoring_system": "epss", "scoring_elements": "0.86126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2443" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2443" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010", "reference_id": "608010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-2443" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y111-7xx7-k7bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102716?format=api", "vulnerability_id": "VCID-yq53-171e-nye4", "summary": "Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1411.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1411.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00745", 
"scoring_system": "epss", "scoring_elements": "0.73403", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73439", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1411" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=592361", "reference_id": "592361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=592361" }, { "reference_url": "https://security.gentoo.org/glsa/201209-02", "reference_id": "GLSA-201209-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0519", "reference_id": "RHSA-2010:0519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0520", "reference_id": "RHSA-2010:0520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0520" }, { "reference_url": "https://usn.ubuntu.com/954-1/", "reference_id": "USN-954-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/954-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192581?format=api", "purl": "pkg:ebuild/media-libs/tiff@4.0.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" } ], "aliases": [ "CVE-2010-1411" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yq53-171e-nye4" } ], "risk_score": null, "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/tiff@4.0.2-r1" }