Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/60116?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "type": "conan", "namespace": "", "name": "libtiff", "version": "4.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.1", "latest_non_vulnerable_version": "4.5.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44446?format=api", "vulnerability_id": "VCID-2chc-4dg7-eyah", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/498" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0801", "reference_id": "CVE-2023-0801", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0801" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json", "reference_id": "CVE-2023-0801.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0801" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2chc-4dg7-eyah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44431?format=api", "vulnerability_id": "VCID-2q3f-jw6b-w7dp", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/495" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0797", "reference_id": "CVE-2023-0797", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0797" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json", "reference_id": "CVE-2023-0797.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2q3f-jw6b-w7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44445?format=api", "vulnerability_id": "VCID-6daw-xvw5-tyfw", "summary": "Use After Free\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/494" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0799", "reference_id": "CVE-2023-0799", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0799" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json", "reference_id": "CVE-2023-0799.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0799" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6daw-xvw5-tyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44576?format=api", "vulnerability_id": "VCID-6rz4-7zc4-bfcd", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/277" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4645", "reference_id": "CVE-2022-4645", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4645" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json", "reference_id": "CVE-2022-4645.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json" } ], "fixed_packages": [], "aliases": [ "CVE-2022-4645" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6rz4-7zc4-bfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44437?format=api", "vulnerability_id": "VCID-bhkq-eqaw-1fba", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/496" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0800", "reference_id": "CVE-2023-0800", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0800" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json", "reference_id": "CVE-2023-0800.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0800" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhkq-eqaw-1fba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44430?format=api", "vulnerability_id": "VCID-ccsd-p6nq-93ae", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/500" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0802", "reference_id": "CVE-2023-0802", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0802" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json", "reference_id": "CVE-2023-0802.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0802" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccsd-p6nq-93ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44435?format=api", "vulnerability_id": "VCID-n6xy-jdpr-tfbq", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/493" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0795", "reference_id": "CVE-2023-0795", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0795" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json", "reference_id": "CVE-2023-0795.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0795" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6xy-jdpr-tfbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44439?format=api", "vulnerability_id": "VCID-pnp2-whuf-w3d7", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0804", "reference_id": "CVE-2023-0804", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0804" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json", "reference_id": "CVE-2023-0804.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0804" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnp2-whuf-w3d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44440?format=api", "vulnerability_id": "VCID-rben-hn5u-kqdh", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0798", "reference_id": "CVE-2023-0798", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0798" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json", "reference_id": "CVE-2023-0798.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0798" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rben-hn5u-kqdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44443?format=api", "vulnerability_id": "VCID-tynz-dfpk-6kgb", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0803", "reference_id": "CVE-2023-0803", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0803" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json", "reference_id": "CVE-2023-0803.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0803" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tynz-dfpk-6kgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45239?format=api", "vulnerability_id": "VCID-xms6-c2j7-hfh8", "summary": "Out-of-bounds Write\nA vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/464" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-30775", "reference_id": "CVE-2023-30775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-30775" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30775", "reference_id": "CVE-2023-30775", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30775" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-30775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xms6-c2j7-hfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44434?format=api", "vulnerability_id": "VCID-yfgk-2pdu-w3gc", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/499" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0796", "reference_id": "CVE-2023-0796", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0796" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json", "reference_id": "CVE-2023-0796.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0796" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfgk-2pdu-w3gc" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3174?format=api", "vulnerability_id": "VCID-2z91-euur-mkg6", "summary": "", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/410" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1622", "reference_id": "CVE-2022-1622", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1622" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json", "reference_id": "CVE-2022-1622.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-1622" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2z91-euur-mkg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4923?format=api", "vulnerability_id": "VCID-9fb5-82gn-c7em", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/393" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909", "reference_id": "CVE-2022-0909", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json", "reference_id": "CVE-2022-0909.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0909" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fb5-82gn-c7em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3173?format=api", "vulnerability_id": "VCID-9vzm-g4pv-dkga", "summary": "", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/410" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1623", "reference_id": "CVE-2022-1623", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1623" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json", "reference_id": "CVE-2022-1623.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-1623" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-g4pv-dkga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42794?format=api", "vulnerability_id": "VCID-anfx-xj8v-kfg8", "summary": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/391", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/391" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1056", "reference_id": "CVE-2022-1056", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1056" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json", "reference_id": "CVE-2022-1056.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-1056" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-anfx-xj8v-kfg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4926?format=api", "vulnerability_id": "VCID-b1uw-w9nk-v3ht", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/380" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/382" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891", "reference_id": "CVE-2022-0891", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json", "reference_id": "CVE-2022-0891.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0891" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1uw-w9nk-v3ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4928?format=api", "vulnerability_id": "VCID-gh3j-c1nj-sfby", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562", "reference_id": "CVE-2022-0562", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json", "reference_id": "CVE-2022-0562.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0562" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gh3j-c1nj-sfby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4921?format=api", "vulnerability_id": "VCID-hbjb-er6u-37dz", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/355" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844", "reference_id": "CVE-2022-22844", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-22844" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbjb-er6u-37dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45902?format=api", "vulnerability_id": "VCID-hhgz-j76b-k7d4", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nAn issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/455" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/386" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40090", "reference_id": "CVE-2022-40090", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40090" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-40090" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhgz-j76b-k7d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4927?format=api", "vulnerability_id": "VCID-jm7h-py2k-c7ha", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/385" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865", "reference_id": "CVE-2022-0865", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json", "reference_id": "CVE-2022-0865.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0865" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7h-py2k-c7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4929?format=api", "vulnerability_id": "VCID-nrc9-7pss-6bgh", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561", "reference_id": "CVE-2022-0561", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json", "reference_id": "CVE-2022-0561.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0561" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrc9-7pss-6bgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4924?format=api", "vulnerability_id": "VCID-r2hy-dcn6-kfb8", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/383" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908", "reference_id": "CVE-2022-0908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json", "reference_id": "CVE-2022-0908.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0908" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2hy-dcn6-kfb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4925?format=api", "vulnerability_id": "VCID-ugr8-526g-5uhc", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/392" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907", "reference_id": "CVE-2022-0907", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json", "reference_id": "CVE-2022-0907.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0907" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugr8-526g-5uhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4922?format=api", "vulnerability_id": "VCID-wxte-z2qm-xues", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/278" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924", "reference_id": "CVE-2022-0924", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json", "reference_id": "CVE-2022-0924.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-0924" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxte-z2qm-xues" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42835?format=api", "vulnerability_id": "VCID-yx35-45k4-2yaf", "summary": "Uncontrolled Resource Consumption\nA vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/402" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff" }, { "reference_url": "https://vuldb.com/?id.196363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://vuldb.com/?id.196363" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1210", "reference_id": "CVE-2022-1210", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1210" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60116?format=api", "purl": "pkg:conan/libtiff@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chc-4dg7-eyah" }, { "vulnerability": "VCID-2q3f-jw6b-w7dp" }, { "vulnerability": "VCID-6daw-xvw5-tyfw" }, { "vulnerability": "VCID-6rz4-7zc4-bfcd" }, { "vulnerability": "VCID-bhkq-eqaw-1fba" }, { "vulnerability": "VCID-ccsd-p6nq-93ae" }, { "vulnerability": "VCID-n6xy-jdpr-tfbq" }, { "vulnerability": "VCID-pnp2-whuf-w3d7" }, { "vulnerability": "VCID-rben-hn5u-kqdh" }, { "vulnerability": "VCID-tynz-dfpk-6kgb" }, { "vulnerability": "VCID-xms6-c2j7-hfh8" }, { "vulnerability": "VCID-yfgk-2pdu-w3gc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" } ], "aliases": [ "CVE-2022-1210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yx35-45k4-2yaf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0" }