Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie

Type deb

Namespace debian

Name libavif

Version 0.11.1-1+deb12u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.1.0-1

Latest_non_vulnerable_version 1.4.1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2cqy-bg4s-g3f4

vulnerability_id VCID-2cqy-bg4s-g3f4

summary Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6350

reference_id

reference_type

scores

value	0.0124
scoring_system	epss
scoring_elements	0.79199
published_at	2026-04-02T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79223
published_at	2026-04-04T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79207
published_at	2026-04-07T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79233
published_at	2026-04-08T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.7924
published_at	2026-04-09T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79265
published_at	2026-04-16T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79249
published_at	2026-04-12T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79238
published_at	2026-04-13T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79261
published_at	2026-04-18T12:55:00Z

value	0.0124
scoring_system	epss
scoring_elements	0.79262
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6346
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6346

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6347
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6347

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6348

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6351

reference_url	https://security.gentoo.org/glsa/202402-14
reference_id	GLSA-202402-14
reference_type
scores
url	https://security.gentoo.org/glsa/202402-14

fixed_packages

url	pkg:deb/debian/libavif@0?distro=trixie
purl	pkg:deb/debian/libavif@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.11.1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.2%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
purl	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.4.1-1%3Fdistro=trixie

aliases CVE-2023-6350

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cqy-bg4s-g3f4

url VCID-ddek-ah5n-87ft

vulnerability_id VCID-ddek-ah5n-87ft

summary libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36407

reference_id

reference_type

scores

value	0.00476
scoring_system	epss
scoring_elements	0.64788
published_at	2026-04-01T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64838
published_at	2026-04-02T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64866
published_at	2026-04-04T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64828
published_at	2026-04-07T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64878
published_at	2026-04-08T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64893
published_at	2026-04-09T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64909
published_at	2026-04-11T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.649
published_at	2026-04-12T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64872
published_at	2026-04-13T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.6491
published_at	2026-04-16T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64921
published_at	2026-04-18T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64905
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36407

fixed_packages

url	pkg:deb/debian/libavif@0.8.2-1?distro=trixie
purl	pkg:deb/debian/libavif@0.8.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.2-1%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.11.1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.2%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
purl	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.4.1-1%3Fdistro=trixie

aliases CVE-2020-36407

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddek-ah5n-87ft

url VCID-m229-g3dn-pbbg

vulnerability_id VCID-m229-g3dn-pbbg

summary In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48174

reference_id

reference_type

scores

value	0.00362
scoring_system	epss
scoring_elements	0.5833
published_at	2026-04-21T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58288
published_at	2026-04-02T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58308
published_at	2026-04-04T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58283
published_at	2026-04-07T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58336
published_at	2026-04-08T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58342
published_at	2026-04-09T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.5836
published_at	2026-04-11T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58337
published_at	2026-04-12T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58317
published_at	2026-04-13T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58349
published_at	2026-04-16T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58353
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48174

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48174
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48174

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105885
reference_id	1105885
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105885

reference_url

https://github.com/AOMediaCodec/libavif/pull/2768

reference_id

2768

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:25:39Z/

url

https://github.com/AOMediaCodec/libavif/pull/2768

reference_url

https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109

reference_id

50a743062938a3828581d725facc9c2b92a1d109

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:25:39Z/

url

https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109

reference_url

https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11

reference_id

c9f1bea437f21cb78f9919c332922a3b0ba65e11

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:25:39Z/

url

https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11

reference_url

https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029

reference_id

e5fdefe7d1776e6c4cf1703c163a8c0535599029

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:25:39Z/

url

https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029

fixed_packages

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.11.1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.1?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.2%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
purl	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.4.1-1%3Fdistro=trixie

aliases CVE-2025-48174

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m229-g3dn-pbbg

url VCID-nx63-bqh3-8fes

vulnerability_id VCID-nx63-bqh3-8fes

summary Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6351

reference_id

reference_type

scores

value	0.0021
scoring_system	epss
scoring_elements	0.43377
published_at	2026-04-02T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43405
published_at	2026-04-04T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43343
published_at	2026-04-07T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43394
published_at	2026-04-08T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43408
published_at	2026-04-09T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43427
published_at	2026-04-11T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43396
published_at	2026-04-12T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.4338
published_at	2026-04-13T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43439
published_at	2026-04-16T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43428
published_at	2026-04-18T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43362
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6346
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6346

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6347
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6347

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6348

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6351

reference_url	https://security.gentoo.org/glsa/202402-14
reference_id	GLSA-202402-14
reference_type
scores
url	https://security.gentoo.org/glsa/202402-14

fixed_packages

url	pkg:deb/debian/libavif@0?distro=trixie
purl	pkg:deb/debian/libavif@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.11.1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.2%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
purl	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.4.1-1%3Fdistro=trixie

aliases CVE-2023-6351

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx63-bqh3-8fes

url VCID-vpe9-3csn-vyf1

vulnerability_id VCID-vpe9-3csn-vyf1

summary In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48175

reference_id

reference_type

scores

value	0.00345
scoring_system	epss
scoring_elements	0.57089
published_at	2026-04-21T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57068
published_at	2026-04-02T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57067
published_at	2026-04-07T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57118
published_at	2026-04-08T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.5712
published_at	2026-04-09T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57131
published_at	2026-04-11T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.5711
published_at	2026-04-18T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57087
published_at	2026-04-13T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57115
published_at	2026-04-16T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.5709
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48175

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48175

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105883
reference_id	1105883
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105883

reference_url

https://github.com/AOMediaCodec/libavif/pull/2769

reference_id

2769

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:35:26Z/

url

https://github.com/AOMediaCodec/libavif/pull/2769

reference_url

https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd

reference_id

64d956ed5a602f78cebf29da023280944ee92efd

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:35:26Z/

url

https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd

reference_url

https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844

reference_id

GHSA-762c-2538-h844

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:35:26Z/

url

https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844

fixed_packages

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.11.1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.1?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.2%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
purl	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.4.1-1%3Fdistro=trixie

aliases CVE-2025-48175

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpe9-3csn-vyf1

url VCID-xccw-1usp-u3c8

vulnerability_id VCID-xccw-1usp-u3c8

summary Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6704

reference_id

reference_type

scores

value	0.00186
scoring_system	epss
scoring_elements	0.4028
published_at	2026-04-21T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40373
published_at	2026-04-02T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40398
published_at	2026-04-11T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.4036
published_at	2026-04-12T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40341
published_at	2026-04-13T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40386
published_at	2026-04-16T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40356
published_at	2026-04-18T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40399
published_at	2026-04-04T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40324
published_at	2026-04-07T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40375
published_at	2026-04-08T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40387
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6704

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6702
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6702

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6704
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6704

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6707
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6707

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://crbug.com/1504792

reference_id

1504792

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T16:55:55Z/

url

https://crbug.com/1504792

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/

reference_id

6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T16:55:55Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/

reference_url	https://security.gentoo.org/glsa/202402-14
reference_id	GLSA-202402-14
reference_type
scores
url	https://security.gentoo.org/glsa/202402-14

reference_url

https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html

reference_id

stable-channel-update-for-desktop_12.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T16:55:55Z/

url

https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html

fixed_packages

url	pkg:deb/debian/libavif@0?distro=trixie
purl	pkg:deb/debian/libavif@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.8.4-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libavif@0.11.1-1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.11.1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.1.0-1?distro=trixie
purl	pkg:deb/debian/libavif@1.1.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.1.0-1%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
purl	pkg:deb/debian/libavif@1.2.1-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.2.1-1.2%3Fdistro=trixie

url	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
purl	pkg:deb/debian/libavif@1.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@1.4.1-1%3Fdistro=trixie

aliases CVE-2023-6704

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xccw-1usp-u3c8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libavif@0.11.1-1%252Bdeb12u1%3Fdistro=trixie

Package Instance