Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:conan/libtiff@4.0.0

Type conan

Namespace

Name libtiff

Version 4.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.7.0

Latest_non_vulnerable_version 4.7.0

Affected_by_vulnerabilities

url VCID-9gqh-2uat-93c7

vulnerability_id VCID-9gqh-2uat-93c7

summary

Out-of-bounds Write
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30774

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.0605
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05899
published_at	2026-04-18T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06622
published_at	2026-04-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06671
published_at	2026-04-08T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06705
published_at	2026-04-09T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06704
published_at	2026-04-11T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06697
published_at	2026-04-12T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06688
published_at	2026-04-13T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06621
published_at	2026-04-16T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06598
published_at	2026-04-02T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06642
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30774

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2187139
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2187139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/463
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/463

reference_url	https://access.redhat.com/security/cve/CVE-2023-30774
reference_id	CVE-2023-30774
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-30774

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-30774
reference_id	CVE-2023-30774
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-30774

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

fixed_packages

url pkg:conan/libtiff@4.3.0

purl pkg:conan/libtiff@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-5r1p-webw-nkcn

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-zedn-437q-47b2

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.3.0

aliases CVE-2023-30774

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqh-2uat-93c7

url VCID-qsrb-hf2u-tudp

vulnerability_id VCID-qsrb-hf2u-tudp

summary

NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09625
published_at	2026-04-21T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09618
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09626
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09596
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0958
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09473
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09477
published_at	2026-04-18T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09497
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09571
published_at	2026-04-08T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17853
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17906
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17693
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/362
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495
reference_id	2054495
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

https://security.archlinux.org/AVG-2658

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2658

reference_url

https://security.archlinux.org/AVG-2659

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2659

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562
reference_id	CVE-2022-0562
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json
reference_id	CVE-2022-0562.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:conan/libtiff@4.4.0

purl pkg:conan/libtiff@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0

aliases CVE-2022-0562

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.0.0

Package Instance