Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/927721?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "libjpeg-turbo", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.3.0-3", "latest_non_vulnerable_version": "1:3.1.3-4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18804?format=api", "vulnerability_id": "VCID-9ewc-ttxk-eufx", "summary": "Out-of-bounds Write\nlibjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29390.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20493", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20084", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20338", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2034", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20336", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2021", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20204", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2017", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20552", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20419", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20449", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20404", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29390" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235521", "reference_id": "2235521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235521" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", "reference_id": "27NR3KG553CG6LGPMP6SHWEVHTYPL6RC", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "reference_id": "6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29390", "reference_id": "CVE-2021-29390", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29390" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c", "reference_id": "jdcoefct.c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595", "reference_id": "jdcoefct.c#L595", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "reference_id": "KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2295", "reference_id": "RHSA-2024:2295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2295" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29390" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ewc-ttxk-eufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17726?format=api", "vulnerability_id": "VCID-b91f-d2h1-8ya5", "summary": "Out-of-bounds Write\nA heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23355", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23618", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23687", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23733", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2365", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23662", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23653", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23523", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23512", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23475", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24269", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2804", "reference_id": "CVE-2023-2804", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2804" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2804", "reference_id": "CVE-2023-2804", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-2804" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b91f-d2h1-8ya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80526?format=api", "vulnerability_id": "VCID-bz3a-w43e-y7fb", "summary": "libjpeg-turbo: DoS via open crafted GIF", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20205.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63034", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63122", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63087", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63156", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63174", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63159", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63171", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63178", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6318", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63195", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63194", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6316", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", "reference_id": "1937385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937385" }, { "reference_url": "https://security.archlinux.org/AVG-1671", "reference_id": "AVG-1671", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1671" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20205", "reference_id": "CVE-2021-20205", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20205" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20205" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3a-w43e-y7fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47221?format=api", "vulnerability_id": "VCID-ed2r-h2fk-kqfq", "summary": "A vulnerability in libjpeg-turbo could result in execution of\n arbitrary code or Denial of Service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84847", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.8488", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84905", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84913", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.8493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84946", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84943", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84968", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84977", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84976", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.84993", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2806" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/07/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2012/07/17/3" }, { "reference_url": "http://secunia.com/advisories/49883", "reference_id": "49883", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://secunia.com/advisories/49883" }, { "reference_url": "http://secunia.com/advisories/50753", "reference_id": "50753", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://secunia.com/advisories/50753" }, { "reference_url": "http://www.securityfocus.com/bid/54480", "reference_id": "54480", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://www.securityfocus.com/bid/54480" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76952", "reference_id": "76952", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76952" }, { "reference_url": "http://osvdb.org/84040", "reference_id": "84040", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://osvdb.org/84040" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:121", "reference_id": "advisories?name=MDVSA-2012:121", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:121" }, { "reference_url": "https://security.gentoo.org/glsa/201209-13", "reference_id": "GLSA-201209-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-13" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-13.xml", "reference_id": "glsa-201209-13.xml", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201209-13.xml" }, { "reference_url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830", "reference_id": "libjpeg-turbo?view=revision&revision=830", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=759802", "reference_id": "show_bug.cgi?id=759802", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=759802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=826849", "reference_id": "show_bug.cgi?id=826849", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=826849" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2806" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed2r-h2fk-kqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82983?format=api", "vulnerability_id": "VCID-qbwh-xe67-rkdu", "summary": "libjpeg-turbo: heap-based buffer overflow in tjLoadImage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56088", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56159", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56134", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56204", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56227", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56209", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56242", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56244", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56212", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56137", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20330" }, { "reference_url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665223", "reference_id": "1665223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665223" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20330", "reference_id": "CVE-2018-20330", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20330" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20330" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbwh-xe67-rkdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82974?format=api", "vulnerability_id": "VCID-uu2t-7ffz-j7bm", "summary": "libjpeg-turbo: heap-based buffer over-read in the put_pixel_rows function in wrbmp.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19664.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44537", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44588", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44593", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4458", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44581", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44637", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4463", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44561", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44474", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44478", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44397", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44274", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656218", "reference_id": "1656218", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656218" }, { "reference_url": "https://usn.ubuntu.com/4190-1/", "reference_id": "USN-4190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4190-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uu2t-7ffz-j7bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81196?format=api", "vulnerability_id": "VCID-wejg-2zp8-1yd3", "summary": "libjpeg: out-of-bounds read for certain table pointers in jdhuff.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.56997", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57144", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57156", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57115", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57143", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57138", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57047", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57067", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57048", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14153" }, { "reference_url": "https://bugs.gentoo.org/727908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/727908" }, { "reference_url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ijg.org/files/jpegsrc.v9d.tar.gz" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849032", "reference_id": "1849032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849032" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14153", "reference_id": "CVE-2020-14153", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14153" }, { "reference_url": "https://usn.ubuntu.com/USN-5336-1/", "reference_id": "USN-USN-5336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5336-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14153" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wejg-2zp8-1yd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162806?format=api", "vulnerability_id": "VCID-y4q6-9s32-rkej", "summary": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62072", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62182", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62218", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62208", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62187", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62231", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62238", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62222", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62233", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62249", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62243", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62188", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927721?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927722?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d73e-m4f8-73bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927720?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927723?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067570?format=api", "purl": "pkg:deb/debian/libjpeg-turbo@1:3.1.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:3.1.3-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6702" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4q6-9s32-rkej" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie" }