Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/927720?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "libjpeg-turbo", "version": "1:2.1.5-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:2.1.5-4", "latest_non_vulnerable_version": "1:2.1.5-4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83461?format=api", "vulnerability_id": "VCID-2eke-m7j3-1qc5", "summary": "libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11212.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.83173", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.83239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.83234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.8325", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.83244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.8319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.83204", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.83202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01902", "scoring_system": "epss", "scoring_elements": "0.83227", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a" }, { "reference_url": "https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190118-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190118-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "http://www.ijg.org/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ijg.org/" }, { "reference_url": "http://www.securityfocus.com/bid/106583", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579973", "reference_id": "1579973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579973" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176", "reference_id": "902176", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11212", "reference_id": "CVE-2018-11212", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0469", "reference_id": "RHSA-2019:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0472", "reference_id": "RHSA-2019:0472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0473", "reference_id": "RHSA-2019:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0474", "reference_id": "RHSA-2019:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0640", "reference_id": "RHSA-2019:0640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1238", "reference_id": "RHSA-2019:1238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" }, { "reference_url": "https://usn.ubuntu.com/3706-2/", "reference_id": "USN-3706-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-2/" }, { "reference_url": "https://usn.ubuntu.com/5497-1/", "reference_id": "USN-5497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5497-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5497-2/", "reference_id": "USN-USN-5497-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5497-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927726?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11212" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2eke-m7j3-1qc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35826?format=api", "vulnerability_id": "VCID-6qse-ddhe-f7ea", "summary": "Two vulnerabilities have been discovered in libjpeg-turbo, the\n worse of which could allow remote attackers access to sensitive\n information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6629.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43451", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43386", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43497", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43466", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43475", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43413", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43464", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43479", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031734", "reference_id": "1031734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031734" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867", "reference_id": "729867", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873", "reference_id": "729873", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://security.gentoo.org/glsa/201606-03", "reference_id": "GLSA-201606-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-116", "reference_id": "mfsa2013-116", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1803", "reference_id": "RHSA-2013:1803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1804", "reference_id": "RHSA-2013:1804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0412", "reference_id": "RHSA-2014:0412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0413", "reference_id": "RHSA-2014:0413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0486", "reference_id": "RHSA-2014:0486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0508", "reference_id": "RHSA-2014:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0509", "reference_id": "RHSA-2014:0509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0509" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0705", "reference_id": "RHSA-2014:0705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0705" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0982", "reference_id": "RHSA-2014:0982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0982" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" }, { "reference_url": "https://usn.ubuntu.com/2053-1/", "reference_id": "USN-2053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2053-1/" }, { "reference_url": "https://usn.ubuntu.com/2060-1/", "reference_id": "USN-2060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927724?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6629" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qse-ddhe-f7ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60289?format=api", "vulnerability_id": "VCID-77d3-x18w-a7f6", "summary": "Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17541.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17541.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54633", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54743", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65752", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.65722", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968036", "reference_id": "1968036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968036" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17541", "reference_id": "CVE-2020-17541", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17541" }, { "reference_url": "https://security.gentoo.org/glsa/202405-20", "reference_id": "GLSA-202405-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4288", "reference_id": "RHSA-2021:4288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4288" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" }, { "reference_url": "https://usn.ubuntu.com/5631-1/", "reference_id": "USN-5631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5631-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927727?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-17541" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77d3-x18w-a7f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83463?format=api", "vulnerability_id": "VCID-95f9-st4n-wydt", "summary": "libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77516", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77575", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77592", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77557", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77566", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214" }, { "reference_url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579980", "reference_id": "1579980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579980" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176", "reference_id": "902176", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11214", "reference_id": "CVE-2018-11214", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11214" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" }, { "reference_url": "https://usn.ubuntu.com/3706-2/", "reference_id": "USN-3706-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-2/" }, { "reference_url": "https://usn.ubuntu.com/5497-1/", "reference_id": "USN-5497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5497-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5497-2/", "reference_id": "USN-USN-5497-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5497-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927726?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11214" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95f9-st4n-wydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18804?format=api", "vulnerability_id": "VCID-9ewc-ttxk-eufx", "summary": "Out-of-bounds Write\nlibjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29390.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20493", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20404", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20552", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20419", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20449", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29390" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235521", "reference_id": "2235521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235521" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", "reference_id": "27NR3KG553CG6LGPMP6SHWEVHTYPL6RC", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "reference_id": "6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29390", "reference_id": "CVE-2021-29390", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29390" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c", "reference_id": "jdcoefct.c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595", "reference_id": "jdcoefct.c#L595", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "reference_id": "KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2295", "reference_id": "RHSA-2024:2295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2295" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29390" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ewc-ttxk-eufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81110?format=api", "vulnerability_id": "VCID-a3r5-u4q5-efhk", "summary": "libjpeg-turbo: Null pointer dereference in jcopy_sample_rows() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35538.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35538.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07135", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0729", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07374", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07344", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35538" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122387", "reference_id": "2122387", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122387" }, { "reference_url": "https://usn.ubuntu.com/5631-1/", "reference_id": "USN-5631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5631-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927729?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35538" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3r5-u4q5-efhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83261?format=api", "vulnerability_id": "VCID-adpa-bp3z-vbhn", "summary": "libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53174", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53256", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53273", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53198", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.5319", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53242", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258" }, { "reference_url": "https://github.com/mozilla/mozjpeg/issues/299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mozilla/mozjpeg/issues/299" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687424", "reference_id": "1687424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687424" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924678", "reference_id": "924678", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924678" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14498", "reference_id": "CVE-2018-14498", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3705", "reference_id": "RHSA-2019:3705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3705" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927727?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14498" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adpa-bp3z-vbhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17726?format=api", "vulnerability_id": "VCID-b91f-d2h1-8ya5", "summary": "Out-of-bounds Write\nA heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2365", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23618", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23687", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23733", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24269", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2804", "reference_id": "CVE-2023-2804", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2804" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2804", "reference_id": "CVE-2023-2804", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-2804" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b91f-d2h1-8ya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80526?format=api", "vulnerability_id": "VCID-bz3a-w43e-y7fb", "summary": "libjpeg-turbo: DoS via open crafted GIF", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20205.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63034", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63122", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63087", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63156", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63174", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63159", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63136", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", "reference_id": "1937385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937385" }, { "reference_url": "https://security.archlinux.org/AVG-1671", "reference_id": "AVG-1671", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1671" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20205", "reference_id": "CVE-2021-20205", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20205" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20205" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3a-w43e-y7fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80461?format=api", "vulnerability_id": "VCID-d73e-m4f8-73bc", "summary": "libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46822.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3501", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35037", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34962", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3499", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34958", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34934", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100044", "reference_id": "2100044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100044" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46822", "reference_id": "CVE-2021-46822", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1068", "reference_id": "RHSA-2023:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1068" }, { "reference_url": "https://usn.ubuntu.com/5631-1/", "reference_id": "USN-5631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5631-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927730?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-46822" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d73e-m4f8-73bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47221?format=api", "vulnerability_id": "VCID-ed2r-h2fk-kqfq", "summary": "A vulnerability in libjpeg-turbo could result in execution of\n arbitrary code or Denial of Service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.8488", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84905", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84913", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.8493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84847", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2806" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/07/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2012/07/17/3" }, { "reference_url": "http://secunia.com/advisories/49883", "reference_id": "49883", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://secunia.com/advisories/49883" }, { "reference_url": "http://secunia.com/advisories/50753", "reference_id": "50753", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://secunia.com/advisories/50753" }, { "reference_url": "http://www.securityfocus.com/bid/54480", "reference_id": "54480", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://www.securityfocus.com/bid/54480" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76952", "reference_id": "76952", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76952" }, { "reference_url": "http://osvdb.org/84040", "reference_id": "84040", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://osvdb.org/84040" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:121", "reference_id": "advisories?name=MDVSA-2012:121", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:121" }, { "reference_url": "https://security.gentoo.org/glsa/201209-13", "reference_id": "GLSA-201209-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-13" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-13.xml", "reference_id": "glsa-201209-13.xml", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201209-13.xml" }, { "reference_url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830", "reference_id": "libjpeg-turbo?view=revision&revision=830", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=759802", "reference_id": "show_bug.cgi?id=759802", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=759802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=826849", "reference_id": "show_bug.cgi?id=826849", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=826849" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2806" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed2r-h2fk-kqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85279?format=api", "vulnerability_id": "VCID-f5wv-ttaf-r7f4", "summary": "libjpeg: null pointer dereference in cjpeg", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3616.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.80448", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.80395", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.80401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.80422", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.80411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.8044", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.8045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.80469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01404", "scoring_system": "epss", "scoring_elements": "0.80455", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3616" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", "reference_id": "1319661", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319661" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819969", "reference_id": "819969", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" }, { "reference_url": "https://usn.ubuntu.com/3706-2/", "reference_id": "USN-3706-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927726?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-3616" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5wv-ttaf-r7f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86079?format=api", "vulnerability_id": "VCID-kq64-v665-tyht", "summary": "libjpeg-turbo: denial of service via specially-crafted JPEG file", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9092.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.83095", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.83099", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.8303", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.83046", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.8306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.83058", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.83082", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.8309", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0187", "scoring_system": "epss", "scoring_elements": "0.83105", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9092" }, { "reference_url": "https://tapani.tarvainen.info/linux/convertbug/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://tapani.tarvainen.info/linux/convertbug/" }, { "reference_url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/26/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/26/8" }, { "reference_url": "http://www.securityfocus.com/bid/71326", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169845", "reference_id": "1169845", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169845" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369", "reference_id": "768369", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9092", "reference_id": "CVE-2014-9092", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9092" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" }, { "reference_url": "https://usn.ubuntu.com/3706-2/", "reference_id": "USN-3706-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927725?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.3.1-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.3.1-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9092" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kq64-v665-tyht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82983?format=api", "vulnerability_id": "VCID-qbwh-xe67-rkdu", "summary": "libjpeg-turbo: heap-based buffer overflow in tjLoadImage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56209", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56227", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56204", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56241", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20330" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665223", "reference_id": "1665223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665223" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20330", "reference_id": "CVE-2018-20330", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20330" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20330" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbwh-xe67-rkdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35828?format=api", "vulnerability_id": "VCID-rfqk-ffy7-yqee", "summary": "Two vulnerabilities have been discovered in libjpeg-turbo, the\n worse of which could allow remote attackers access to sensitive\n information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6630.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82908", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82842", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82859", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82872", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82868", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0183", "scoring_system": "epss", "scoring_elements": "0.82911", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031749", "reference_id": "1031749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031749" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867", "reference_id": "729867", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873", "reference_id": "729873", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873" }, { "reference_url": "https://security.gentoo.org/glsa/201606-03", "reference_id": "GLSA-201606-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-116", "reference_id": "mfsa2013-116", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1803", "reference_id": "RHSA-2013:1803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1803" }, { "reference_url": "https://usn.ubuntu.com/2052-1/", "reference_id": "USN-2052-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2052-1/" }, { "reference_url": "https://usn.ubuntu.com/2053-1/", "reference_id": "USN-2053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2053-1/" }, { "reference_url": "https://usn.ubuntu.com/2060-1/", "reference_id": "USN-2060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927724?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1.3.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1.3.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6630" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfqk-ffy7-yqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58214?format=api", "vulnerability_id": "VCID-rgsc-btdd-m3he", "summary": "An information disclosure vulnerability in libjpeg-turbo allow\n remote attackers to obtain sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13790.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65158", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65208", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65279", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65267", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65239", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847155", "reference_id": "1847155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847155" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962829", "reference_id": "962829", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962829" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790", "reference_id": "CVE-2020-13790", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790" }, { "reference_url": "https://security.gentoo.org/glsa/202010-03", "reference_id": "GLSA-202010-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202010-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7540", "reference_id": "RHSA-2025:7540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7540" }, { "reference_url": "https://usn.ubuntu.com/4386-1/", "reference_id": "USN-4386-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4386-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927727?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-13790" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgsc-btdd-m3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83462?format=api", "vulnerability_id": "VCID-rswk-24y5-67dn", "summary": "libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11213.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75292", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75358", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75296", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75328", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75306", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75359", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213" }, { "reference_url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579979", "reference_id": "1579979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579979" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176", "reference_id": "902176", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11213", "reference_id": "CVE-2018-11213", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" }, { "reference_url": "https://usn.ubuntu.com/3706-2/", "reference_id": "USN-3706-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-2/" }, { "reference_url": "https://usn.ubuntu.com/5497-1/", "reference_id": "USN-5497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5497-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5497-2/", "reference_id": "USN-USN-5497-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5497-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927726?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11213" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rswk-24y5-67dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83400?format=api", "vulnerability_id": "VCID-tvq2-6ujj-7yet", "summary": "libjpeg: \"cjpeg\" utility large loop because read_pixel in rdtarga.c mishandles EOF", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45702", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48097", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4812", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48095", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48049", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48102", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11813" }, { "reference_url": "https://bugs.gentoo.org/727908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/727908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf" }, { "reference_url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c" }, { "reference_url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588803", "reference_id": "1588803", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588803" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904719", "reference_id": "904719", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904719" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11813", "reference_id": "CVE-2018-11813", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2052", "reference_id": "RHSA-2019:2052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "reference_url": "https://usn.ubuntu.com/5497-1/", "reference_id": "USN-5497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5497-1/" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" }, { "reference_url": "https://usn.ubuntu.com/5631-1/", "reference_id": "USN-5631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5631-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5497-2/", "reference_id": "USN-USN-5497-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5497-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927727?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11813" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvq2-6ujj-7yet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83911?format=api", "vulnerability_id": "VCID-ugd8-a68r-hugj", "summary": "libjpeg-turbo: NULL pointer dereference in jdpostct.c and jquant1.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67885", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67946", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67957", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67971", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67981", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67908", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67906", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182" }, { "reference_url": "https://github.com/mozilla/mozjpeg/issues/268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mozilla/mozjpeg/issues/268" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500678", "reference_id": "1500678", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500678" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878567", "reference_id": "878567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878567" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15232", "reference_id": "CVE-2017-15232", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15232" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927727?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15232" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugd8-a68r-hugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82974?format=api", "vulnerability_id": "VCID-uu2t-7ffz-j7bm", "summary": "libjpeg-turbo: heap-based buffer over-read in the put_pixel_rows function in wrbmp.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19664.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44537", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44588", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44593", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4458", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44581", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656218", "reference_id": "1656218", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656218" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uu2t-7ffz-j7bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81194?format=api", "vulnerability_id": "VCID-vrpv-znq2-6yd9", "summary": "libjpeg: improper handling of max_memory_to_use setting can lead to excessive memory consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78593", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.786", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78637", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78643", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.78668", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01168", "scoring_system": "epss", "scoring_elements": "0.7865", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14152" }, { "reference_url": "https://bugs.gentoo.org/727908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/727908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849026", "reference_id": "1849026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849026" }, { "reference_url": "https://usn.ubuntu.com/5497-1/", "reference_id": "USN-5497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5497-1/" }, { "reference_url": "https://usn.ubuntu.com/5553-1/", "reference_id": "USN-5553-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5553-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5497-2/", "reference_id": "USN-USN-5497-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5497-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927728?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:1.5.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.5.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14152" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrpv-znq2-6yd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48088?format=api", "vulnerability_id": "VCID-w4km-zqts-3bhv", "summary": "Several integer overflows in libjpeg-turbo might allow an attacker\n to execute arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77809", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77868", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77884", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77869", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01083", "scoring_system": "epss", "scoring_elements": "0.77825", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2201" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/" }, { "reference_url": "https://source.android.com/security/bulletin/2019-11-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://source.android.com/security/bulletin/2019-11-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770982", "reference_id": "1770982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770982" }, { "reference_url": "https://security.archlinux.org/AVG-1067", "reference_id": "AVG-1067", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1067" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2201", "reference_id": "CVE-2019-2201", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2201" }, { "reference_url": "https://security.gentoo.org/glsa/202003-23", "reference_id": "GLSA-202003-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-23" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927727?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-2201" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4km-zqts-3bhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81196?format=api", "vulnerability_id": "VCID-wejg-2zp8-1yd3", "summary": "libjpeg: out-of-bounds read for certain table pointers in jdhuff.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.56997", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57144", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57156", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57115", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14153" }, { "reference_url": "https://bugs.gentoo.org/727908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/727908" }, { "reference_url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849032", "reference_id": "1849032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849032" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14153", "reference_id": "CVE-2020-14153", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14153" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14153" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wejg-2zp8-1yd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162806?format=api", "vulnerability_id": "VCID-y4q6-9s32-rkej", "summary": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62072", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62182", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62218", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62208", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62187", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6702" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4q6-9s32-rkej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83393?format=api", "vulnerability_id": "VCID-zqqx-68x1-h3ak", "summary": "libjpeg-turbo: Divide by zero allows for denial of service via crafted BMP image", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72955", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73011", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73039", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73018", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.72963", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html" }, { "reference_url": "https://www.tenable.com/security/research/tra-2018-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/research/tra-2018-17" }, { "reference_url": "http://www.securityfocus.com/bid/104543", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104543" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593554", "reference_id": "1593554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902950", "reference_id": "902950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902950" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1152", "reference_id": "CVE-2018-1152", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1152" }, { "reference_url": "https://usn.ubuntu.com/3706-1/", "reference_id": "USN-3706-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-1/" }, { "reference_url": "https://usn.ubuntu.com/3706-2/", "reference_id": "USN-3706-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3706-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927727?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1152" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqqx-68x1-h3ak" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }