Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/379474?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "libexif", "version": "0.6.21-r0", "qualifiers": { "arch": "riscv64", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.6.21-r3", "latest_non_vulnerable_version": "0.6.23-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75996?format=api", "vulnerability_id": "VCID-1qye-wx7e-puda", "summary": "Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02397", "scoring_system": "epss", "scoring_elements": "0.85329", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02397", "scoring_system": "epss", "scoring_elements": "0.85352", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02397", "scoring_system": "epss", "scoring_elements": "0.85357", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02397", "scoring_system": "epss", "scoring_elements": "0.85337", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839188", "reference_id": "839188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839188" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2840" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qye-wx7e-puda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75988?format=api", "vulnerability_id": "VCID-22jn-mcwn-j3ax", "summary": "The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2812.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76455", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76484", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.7649", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.7648", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76469", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839203", "reference_id": "839203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839203" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2812" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-22jn-mcwn-j3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75994?format=api", "vulnerability_id": "VCID-44bu-3z7v-5ydx", "summary": "The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79712", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79738", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79743", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79739", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79728", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839185", "reference_id": "839185", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839185" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2837" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44bu-3z7v-5ydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66831?format=api", "vulnerability_id": "VCID-46sb-z45u-aqhp", "summary": "Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2845.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2845.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70544", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70586", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70596", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70578", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70566", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681465", "reference_id": "681465", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840002", "reference_id": "840002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840002" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2845" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46sb-z45u-aqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75991?format=api", "vulnerability_id": "VCID-ceaj-6s1m-3yak", "summary": "The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02522", "scoring_system": "epss", "scoring_elements": "0.85693", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02522", "scoring_system": "epss", "scoring_elements": "0.85715", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02522", "scoring_system": "epss", "scoring_elements": "0.85718", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02522", "scoring_system": "epss", "scoring_elements": "0.85714", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02522", "scoring_system": "epss", "scoring_elements": "0.85699", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839184", "reference_id": "839184", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839184" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2836" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ceaj-6s1m-3yak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75990?format=api", "vulnerability_id": "VCID-fwj4-n4af-wued", "summary": "Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2814.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2814.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88278", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88297", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88299", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.883", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839183", "reference_id": "839183", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839183" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2814" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwj4-n4af-wued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75999?format=api", "vulnerability_id": "VCID-g856-qmgw-fbca", "summary": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04256", "scoring_system": "epss", "scoring_elements": "0.88998", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04256", "scoring_system": "epss", "scoring_elements": "0.89015", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04256", "scoring_system": "epss", "scoring_elements": "0.89016", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839189", "reference_id": "839189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839189" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2841" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g856-qmgw-fbca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75989?format=api", "vulnerability_id": "VCID-v2pe-r74z-fucm", "summary": "The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2813.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76518", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76548", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76553", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76542", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76532", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454", "reference_id": "681454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839182", "reference_id": "839182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839182" }, { "reference_url": "https://security.gentoo.org/glsa/201401-10", "reference_id": "GLSA-201401-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1255", "reference_id": "RHSA-2012:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1255" }, { "reference_url": "https://usn.ubuntu.com/1513-1/", "reference_id": "USN-1513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1513-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379474?format=api", "purl": "pkg:apk/alpine/libexif@0.6.21-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2012-2813" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2pe-r74z-fucm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.21-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" }