Package Instance

reference_id

libraw-0-21-4-release

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:12:15Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20364.json

reference_url	https://usn.ubuntu.com/7485-1/
reference_id	USN-7485-1
reference_type
scores
url	https://usn.ubuntu.com/7485-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2025-43964

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33xw-gu7q-3uht

url VCID-34d5-3aug-ffgw

vulnerability_id VCID-34d5-3aug-ffgw

summary libraw: NULL pointer dereference in LibRaw::copy_bayer resulting in a denial of service

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20364.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20364

reference_id

reference_type

scores

value	0.00493
scoring_system	epss
scoring_elements	0.65616
published_at	2026-04-01T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65751
published_at	2026-04-18T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65731
published_at	2026-04-12T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65702
published_at	2026-04-13T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65737
published_at	2026-04-16T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65665
published_at	2026-04-02T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65694
published_at	2026-04-04T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.6566
published_at	2026-04-07T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65711
published_at	2026-04-08T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65724
published_at	2026-04-09T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65745
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20364

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/issues/194
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/194

reference_url	http://www.securityfocus.com/bid/106299
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106299

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1663961
reference_id	1663961
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1663961

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917112
reference_id	917112
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20364

reference_id

CVE-2018-20364

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20364

reference_url	https://usn.ubuntu.com/3989-1/
reference_id	USN-3989-1
reference_type
scores
url	https://usn.ubuntu.com/3989-1/

fixed_packages

url	pkg:deb/debian/libraw@0.19.2-2?distro=trixie
purl	pkg:deb/debian/libraw@0.19.2-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-20364

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-34d5-3aug-ffgw

url VCID-43af-u5hy-afcg

vulnerability_id VCID-43af-u5hy-afcg

summary LibRaw: Out-of-bounds read in simple_decode_row() function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35532.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35532.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35532

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08119
published_at	2026-04-01T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08178
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08233
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08182
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08246
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08265
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08257
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08237
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0822
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08114
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.081
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35532

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122357
reference_id	2122357
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122357

reference_url	https://usn.ubuntu.com/5715-1/
reference_id	USN-5715-1
reference_type
scores
url	https://usn.ubuntu.com/5715-1/

reference_url	https://usn.ubuntu.com/7266-1/
reference_id	USN-7266-1
reference_type
scores
url	https://usn.ubuntu.com/7266-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
purl	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-35532

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43af-u5hy-afcg

url VCID-4ksq-fpwc-t3fq

vulnerability_id VCID-4ksq-fpwc-t3fq

summary LibRaw: Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5815.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5815.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5815

reference_id

reference_type

scores

value	0.00563
scoring_system	epss
scoring_elements	0.68279
published_at	2026-04-01T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68299
published_at	2026-04-02T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68319
published_at	2026-04-04T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68295
published_at	2026-04-07T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68346
published_at	2026-04-08T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68363
published_at	2026-04-09T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68389
published_at	2026-04-11T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68377
published_at	2026-04-12T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68344
published_at	2026-04-13T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68383
published_at	2026-04-16T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68396
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5815

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5815
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5815

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1610151
reference_id	1610151
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1610151

reference_url	https://usn.ubuntu.com/3838-1/
reference_id	USN-3838-1
reference_type
scores
url	https://usn.ubuntu.com/3838-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.13-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.13-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.13-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5815

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ksq-fpwc-t3fq

url VCID-54h1-vj6r-4ue5

vulnerability_id VCID-54h1-vj6r-4ue5

summary LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35535.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35535.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35535

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14676
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14726
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.148
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14606
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14695
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14754
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14714
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14622
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14513
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14519
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35535

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35535

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122362
reference_id	2122362
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122362

fixed_packages

url	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
purl	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-35535

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54h1-vj6r-4ue5

url VCID-57aw-3kt4-5fd8

vulnerability_id VCID-57aw-3kt4-5fd8

summary libraw: Floating point exception in kodak_radc_load_raw function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13735.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13735.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-13735

reference_id

reference_type

scores

value	0.00342
scoring_system	epss
scoring_elements	0.56942
published_at	2026-04-18T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56948
published_at	2026-04-08T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56951
published_at	2026-04-09T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56939
published_at	2026-04-12T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56916
published_at	2026-04-13T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56945
published_at	2026-04-16T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56899
published_at	2026-04-02T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.5692
published_at	2026-04-04T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56896
published_at	2026-04-07T12:55:00Z

value	0.00404
scoring_system	epss
scoring_elements	0.60974
published_at	2026-04-11T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69303
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-13735

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1488476
reference_id	1488476
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1488476

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729
reference_id	874729
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729

reference_url	https://security.archlinux.org/ASA-201709-18
reference_id	ASA-201709-18
reference_type
scores
url	https://security.archlinux.org/ASA-201709-18

reference_url

reference_id

AVG-410

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8366

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-13735

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57aw-3kt4-5fd8

url VCID-5qx5-u16v-vfgz

vulnerability_id VCID-5qx5-u16v-vfgz

summary

Multiple vulnerabilities have been found in LibRaw, the worst of
    which may allow attackers to execute arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json

reference_url

reference_id

reference_type

scores

value	0.01277
scoring_system	epss
scoring_elements	0.7958
published_at	2026-04-18T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79582
published_at	2026-04-16T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79503
published_at	2026-04-01T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.7951
published_at	2026-04-02T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79533
published_at	2026-04-04T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79519
published_at	2026-04-07T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79547
published_at	2026-04-08T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79555
published_at	2026-04-09T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79577
published_at	2026-04-11T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.7956
published_at	2026-04-12T12:55:00Z

value	0.01277
scoring_system	epss
scoring_elements	0.79552
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8366

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1287056
reference_id	1287056
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1287056

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809
reference_id	806809
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168
reference_id	864168
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168

reference_url

reference_id

AVG-92

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6887.json

reference_url	https://security.gentoo.org/glsa/201701-60
reference_id	GLSA-201701-60
reference_type
scores
url	https://security.gentoo.org/glsa/201701-60

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.17.1-1?distro=trixie
purl	pkg:deb/debian/libraw@0.17.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.17.1-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2015-8366

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qx5-u16v-vfgz

url VCID-6r3y-tdry-guc3

vulnerability_id VCID-6r3y-tdry-guc3

summary security update

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6887.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6887

reference_id

reference_type

scores

value	0.00471
scoring_system	epss
scoring_elements	0.64515
published_at	2026-04-01T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64643
published_at	2026-04-18T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64625
published_at	2026-04-12T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64632
published_at	2026-04-16T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64568
published_at	2026-04-02T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64597
published_at	2026-04-13T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64555
published_at	2026-04-07T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64604
published_at	2026-04-08T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.6462
published_at	2026-04-09T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.64638
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6887

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1451642
reference_id	1451642
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1451642

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183
reference_id	864183
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.2-2?distro=trixie
purl	pkg:deb/debian/libraw@0.18.2-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.2-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-6887

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6r3y-tdry-guc3

url VCID-88vk-c7wu-fffr

vulnerability_id VCID-88vk-c7wu-fffr

summary LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43962.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43962.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43962

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54155
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54262
published_at	2026-04-18T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54185
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5416
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54212
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54208
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54258
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5424
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54219
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43962

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4

reference_id

0.21.3...0.21.4

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/

url

https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781
reference_id	1103781
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2361286
reference_id	2361286
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2361286

reference_url

https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2

reference_id

66fe663e02a4dd610b4e832f5d9af326709336c2

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/

url

https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2

reference_url

reference_id

libraw-0-21-4-release

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5805.json

reference_url	https://usn.ubuntu.com/7485-1/
reference_id	USN-7485-1
reference_type
scores
url	https://usn.ubuntu.com/7485-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2025-43962

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88vk-c7wu-fffr

url VCID-8g8a-1egc-pbhs

vulnerability_id VCID-8g8a-1egc-pbhs

summary LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp

references

reference_url

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5805

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.65977
published_at	2026-04-01T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66019
published_at	2026-04-02T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66047
published_at	2026-04-04T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66015
published_at	2026-04-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66064
published_at	2026-04-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66077
published_at	2026-04-09T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66096
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66083
published_at	2026-04-12T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66053
published_at	2026-04-13T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66088
published_at	2026-04-16T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66102
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5805

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5805
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5805

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591887
reference_id	1591887
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591887

reference_url	https://access.redhat.com/errata/RHSA-2018:3065
reference_id	RHSA-2018:3065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3065

fixed_packages

url	pkg:deb/debian/libraw@0.18.8-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5805

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8g8a-1egc-pbhs

url VCID-8nfh-uny2-2yay

vulnerability_id VCID-8nfh-uny2-2yay

summary libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16910.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16910.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16910

reference_id

reference_type

scores

value	0.00507
scoring_system	epss
scoring_elements	0.6617
published_at	2026-04-01T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66294
published_at	2026-04-18T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66244
published_at	2026-04-13T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66279
published_at	2026-04-16T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66211
published_at	2026-04-02T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66238
published_at	2026-04-04T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66208
published_at	2026-04-07T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66255
published_at	2026-04-08T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66268
published_at	2026-04-09T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66289
published_at	2026-04-11T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66275
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1524860
reference_id	1524860
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1524860

reference_url	https://usn.ubuntu.com/3615-1/
reference_id	USN-3615-1
reference_type
scores
url	https://usn.ubuntu.com/3615-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.6-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.6-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-16910

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nfh-uny2-2yay

url VCID-aa14-ypvj-pfen

vulnerability_id VCID-aa14-ypvj-pfen

summary

Out-of-bounds Write
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32142.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32142.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32142

reference_id

reference_type

scores

value	0.00024
scoring_system	epss
scoring_elements	0.06284
published_at	2026-04-01T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06317
published_at	2026-04-02T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06346
published_at	2026-04-18T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.0635
published_at	2026-04-04T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.0633
published_at	2026-04-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06378
published_at	2026-04-08T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.0642
published_at	2026-04-09T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06412
published_at	2026-04-11T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06406
published_at	2026-04-12T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06395
published_at	2026-04-13T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06335
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32142

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/gtt1995

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://github.com/gtt1995

reference_url

https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49

reference_url

https://github.com/LibRaw/LibRaw/issues/400

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://github.com/LibRaw/LibRaw/issues/400

reference_url

https://www.libraw.org/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://www.libraw.org/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031790
reference_id	1031790
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031790

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2172004
reference_id	2172004
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2172004

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/

reference_id

5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-32142
reference_id	CVE-2021-32142
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-32142

reference_url

https://www.debian.org/security/2023/dsa-5412

reference_id

dsa-5412

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://www.debian.org/security/2023/dsa-5412

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/

reference_id

E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/

reference_url

https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html

reference_id

msg00025.html

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html

reference_url	https://access.redhat.com/errata/RHSA-2023:6343
reference_id	RHSA-2023:6343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6343

reference_url	https://access.redhat.com/errata/RHSA-2024:0343
reference_id	RHSA-2024:0343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0343

reference_url	https://access.redhat.com/errata/RHSA-2024:2994
reference_id	RHSA-2024:2994
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2994

reference_url	https://usn.ubuntu.com/6137-1/
reference_id	USN-6137-1
reference_type
scores
url	https://usn.ubuntu.com/6137-1/

reference_url	https://usn.ubuntu.com/7266-1/
reference_id	USN-7266-1
reference_type
scores
url	https://usn.ubuntu.com/7266-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2021-32142

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aa14-ypvj-pfen

url VCID-aakc-8r79-7bbs

vulnerability_id VCID-aakc-8r79-7bbs

summary LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5818.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5818.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5818

reference_id

reference_type

scores

value	0.00525
scoring_system	epss
scoring_elements	0.66905
published_at	2026-04-01T12:55:00Z

value	0.00525
scoring_system	epss
scoring_elements	0.66944
published_at	2026-04-07T12:55:00Z

value	0.00525
scoring_system	epss
scoring_elements	0.66943
published_at	2026-04-02T12:55:00Z

value	0.00525
scoring_system	epss
scoring_elements	0.66969
published_at	2026-04-04T12:55:00Z

value	0.00525
scoring_system	epss
scoring_elements	0.66993
published_at	2026-04-08T12:55:00Z

value	0.00525
scoring_system	epss
scoring_elements	0.67005
published_at	2026-04-09T12:55:00Z

value	0.00525
scoring_system	epss
scoring_elements	0.67025
published_at	2026-04-11T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77703
published_at	2026-04-18T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77704
published_at	2026-04-16T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77668
published_at	2026-04-12T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77667
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5818

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5818
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5818

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html

reference_url	https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/
reference_id
reference_type
scores
url	https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/

reference_url	https://www.libraw.org/news/libraw-0-19-2-release
reference_id
reference_type
scores
url	https://www.libraw.org/news/libraw-0-19-2-release

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661608
reference_id	1661608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661608

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5818

reference_id

CVE-2018-5818

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5818

reference_url	https://usn.ubuntu.com/3989-1/
reference_id	USN-3989-1
reference_type
scores
url	https://usn.ubuntu.com/3989-1/

fixed_packages

url	pkg:deb/debian/libraw@0.19.1-1?distro=trixie
purl	pkg:deb/debian/libraw@0.19.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5818

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aakc-8r79-7bbs

url VCID-abzn-gut6-y3cz

vulnerability_id VCID-abzn-gut6-y3cz

summary

Multiple vulnerabilities have been found in LibRaw, the worst of
    which may allow attackers to execute arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24889.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24889.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24889

reference_id

reference_type

scores

value	0.00931
scoring_system	epss
scoring_elements	0.76051
published_at	2026-04-01T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76054
published_at	2026-04-02T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76086
published_at	2026-04-04T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76067
published_at	2026-04-07T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.761
published_at	2026-04-08T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76114
published_at	2026-04-09T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.7614
published_at	2026-04-11T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76115
published_at	2026-04-12T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76113
published_at	2026-04-13T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76154
published_at	2026-04-16T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76157
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24889

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24889
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24889

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/issues/334
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/334

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1882339
reference_id	1882339
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1882339

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-24889
reference_id	CVE-2020-24889
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-24889

reference_url	https://security.gentoo.org/glsa/202010-05
reference_id	GLSA-202010-05
reference_type
scores
url	https://security.gentoo.org/glsa/202010-05

fixed_packages

url	pkg:deb/debian/libraw@0.20.2-1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-24889

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abzn-gut6-y3cz

url VCID-affs-bchw-93bx

vulnerability_id VCID-affs-bchw-93bx

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6886.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6886.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6886

reference_id

reference_type

scores

value	0.0058
scoring_system	epss
scoring_elements	0.68823
published_at	2026-04-01T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68941
published_at	2026-04-18T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.6889
published_at	2026-04-13T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68931
published_at	2026-04-16T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68842
published_at	2026-04-02T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68862
published_at	2026-04-04T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68843
published_at	2026-04-07T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68892
published_at	2026-04-08T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68911
published_at	2026-04-09T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68934
published_at	2026-04-11T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68919
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6886

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1451640
reference_id	1451640
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1451640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183
reference_id	864183
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.2-2?distro=trixie
purl	pkg:deb/debian/libraw@0.18.2-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.2-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-6886

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-affs-bchw-93bx

url VCID-b7yv-7e6a-nfhy

vulnerability_id VCID-b7yv-7e6a-nfhy

summary LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5802.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5802.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5802

reference_id

reference_type

scores

value	0.00679
scoring_system	epss
scoring_elements	0.71509
published_at	2026-04-01T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71516
published_at	2026-04-02T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71533
published_at	2026-04-04T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71506
published_at	2026-04-07T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71546
published_at	2026-04-08T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71558
published_at	2026-04-09T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71581
published_at	2026-04-11T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71565
published_at	2026-04-12T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71547
published_at	2026-04-13T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71593
published_at	2026-04-16T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71598
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1553335
reference_id	1553335
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1553335

reference_url	https://access.redhat.com/errata/RHSA-2018:3065
reference_id	RHSA-2018:3065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3065

reference_url	https://usn.ubuntu.com/3615-1/
reference_id	USN-3615-1
reference_type
scores
url	https://usn.ubuntu.com/3615-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.7-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5802

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7yv-7e6a-nfhy

url VCID-c7f1-d627-z3dm

vulnerability_id VCID-c7f1-d627-z3dm

summary

Multiple vulnerabilities have been found in LibRaw and libkdcraw,
    the worst of which may lead to arbitrary code execution.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1438.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1438.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1438

reference_id

reference_type

scores

value	0.00479
scoring_system	epss
scoring_elements	0.64948
published_at	2026-04-01T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65069
published_at	2026-04-11T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65058
published_at	2026-04-12T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65031
published_at	2026-04-13T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.64997
published_at	2026-04-02T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65024
published_at	2026-04-04T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.64987
published_at	2026-04-07T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65037
published_at	2026-04-08T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65051
published_at	2026-04-09T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.6649
published_at	2026-04-16T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66508
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1002714
reference_id	1002714
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1002714

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231
reference_id	721231
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721232
reference_id	721232
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721232

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233
reference_id	721233
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236
reference_id	721236
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236

reference_url	https://security.gentoo.org/glsa/201309-09
reference_id	GLSA-201309-09
reference_type
scores
url	https://security.gentoo.org/glsa/201309-09

reference_url	https://usn.ubuntu.com/1964-1/
reference_id	USN-1964-1
reference_type
scores
url	https://usn.ubuntu.com/1964-1/

reference_url	https://usn.ubuntu.com/1978-1/
reference_id	USN-1978-1
reference_type
scores
url	https://usn.ubuntu.com/1978-1/

fixed_packages

url	pkg:deb/debian/libraw@0.15.4-1?distro=trixie
purl	pkg:deb/debian/libraw@0.15.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.4-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2013-1438

risk_score 1.0

exploitability 0.5

weighted_severity 2.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7f1-d627-z3dm

url VCID-car8-7w1p-2uhx

vulnerability_id VCID-car8-7w1p-2uhx

summary

Multiple vulnerabilities have been found in LibRaw, the worst of
    which may allow attackers to execute arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8367

reference_id

reference_type

scores

value	0.01731
scoring_system	epss
scoring_elements	0.82384
published_at	2026-04-01T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82457
published_at	2026-04-13T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82492
published_at	2026-04-16T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82399
published_at	2026-04-02T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82416
published_at	2026-04-04T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82413
published_at	2026-04-07T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82441
published_at	2026-04-08T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82447
published_at	2026-04-09T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82466
published_at	2026-04-11T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82461
published_at	2026-04-12T12:55:00Z

value	0.01779
scoring_system	epss
scoring_elements	0.8273
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1287076
reference_id	1287076
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1287076

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809
reference_id	806809
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809

reference_url

reference_id

AVG-92

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5809.json

reference_url	https://security.gentoo.org/glsa/201701-60
reference_id	GLSA-201701-60
reference_type
scores
url	https://security.gentoo.org/glsa/201701-60

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.17.1-1?distro=trixie
purl	pkg:deb/debian/libraw@0.17.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.17.1-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2015-8367

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-car8-7w1p-2uhx

url VCID-cm22-ayty-xqes

vulnerability_id VCID-cm22-ayty-xqes

summary LibRaw: stack-based buffer overflow in LibRaw::parse_exif() and subsequently execute arbitrary code

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5809.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5809

reference_id

reference_type

scores

value	0.01917
scoring_system	epss
scoring_elements	0.83256
published_at	2026-04-01T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83272
published_at	2026-04-02T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83287
published_at	2026-04-04T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83286
published_at	2026-04-07T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.8331
published_at	2026-04-08T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83319
published_at	2026-04-09T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83335
published_at	2026-04-11T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83329
published_at	2026-04-12T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83325
published_at	2026-04-13T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.8336
published_at	2026-04-16T12:55:00Z

value	0.01917
scoring_system	epss
scoring_elements	0.83361
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5809

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661520
reference_id	1661520
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661520

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5809

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm22-ayty-xqes

url VCID-cx7p-nhr2-v3ay

vulnerability_id VCID-cx7p-nhr2-v3ay

summary LibRaw: Memory corruption in "crxFreeSubbandData()" function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35534.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35534.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35534

reference_id

reference_type

scores

value	0.00155
scoring_system	epss
scoring_elements	0.36141
published_at	2026-04-01T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36337
published_at	2026-04-02T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.3637
published_at	2026-04-04T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36205
published_at	2026-04-07T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36254
published_at	2026-04-08T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36273
published_at	2026-04-09T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36278
published_at	2026-04-11T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36241
published_at	2026-04-12T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36217
published_at	2026-04-13T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.3626
published_at	2026-04-16T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36244
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122360
reference_id	2122360
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122360

fixed_packages

url	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
purl	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-35534

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cx7p-nhr2-v3ay

url VCID-dgk8-b6fk-t7b6

vulnerability_id VCID-dgk8-b6fk-t7b6

summary LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5819.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5819.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5819

reference_id

reference_type

scores

value	0.00582
scoring_system	epss
scoring_elements	0.68874
published_at	2026-04-01T12:55:00Z

value	0.00582
scoring_system	epss
scoring_elements	0.68892
published_at	2026-04-07T12:55:00Z

value	0.00582
scoring_system	epss
scoring_elements	0.68891
published_at	2026-04-02T12:55:00Z

value	0.00582
scoring_system	epss
scoring_elements	0.68912
published_at	2026-04-04T12:55:00Z

value	0.00582
scoring_system	epss
scoring_elements	0.68942
published_at	2026-04-08T12:55:00Z

value	0.00582
scoring_system	epss
scoring_elements	0.68961
published_at	2026-04-09T12:55:00Z

value	0.00582
scoring_system	epss
scoring_elements	0.68984
published_at	2026-04-11T12:55:00Z

value	0.00892
scoring_system	epss
scoring_elements	0.75608
published_at	2026-04-18T12:55:00Z

value	0.00892
scoring_system	epss
scoring_elements	0.75605
published_at	2026-04-16T12:55:00Z

value	0.00892
scoring_system	epss
scoring_elements	0.75574
published_at	2026-04-12T12:55:00Z

value	0.00892
scoring_system	epss
scoring_elements	0.75567
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5819

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html

reference_url	https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/
reference_id
reference_type
scores
url	https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/

reference_url	https://www.libraw.org/news/libraw-0-19-2-release
reference_id
reference_type
scores
url	https://www.libraw.org/news/libraw-0-19-2-release

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661604
reference_id	1661604
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661604

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5819

reference_id

CVE-2018-5819

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:C

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5819

reference_url	https://usn.ubuntu.com/3989-1/
reference_id	USN-3989-1
reference_type
scores
url	https://usn.ubuntu.com/3989-1/

fixed_packages

url	pkg:deb/debian/libraw@0.19.1-1?distro=trixie
purl	pkg:deb/debian/libraw@0.19.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5819

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgk8-b6fk-t7b6

url VCID-fbf4-mwnn-vqdp

vulnerability_id VCID-fbf4-mwnn-vqdp

summary LibRaw: out-of-buffer access

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43963.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43963.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43963

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54155
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54262
published_at	2026-04-18T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54185
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5416
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54212
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54208
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54258
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5424
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54219
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43963

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4

reference_id

0.21.3...0.21.4

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/

url

https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103782
reference_id	1103782
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103782

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2361288
reference_id	2361288
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2361288

reference_url

https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964

reference_id

be26e7639ecf8beb55f124ce780e99842de2e964

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/

url

https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964

reference_url

reference_id

libraw-0-21-4-release

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5812.json

reference_url	https://usn.ubuntu.com/7485-1/
reference_id	USN-7485-1
reference_type
scores
url	https://usn.ubuntu.com/7485-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2025-43963

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbf4-mwnn-vqdp

url VCID-feqd-qmgg-kyer

vulnerability_id VCID-feqd-qmgg-kyer

summary libRaw: NULL pointer dereference in nikon_coolscan_load_raw in internal/dcraw_common.cpp

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5812.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5812

reference_id

reference_type

scores

value	0.00508
scoring_system	epss
scoring_elements	0.6624
published_at	2026-04-01T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.6628
published_at	2026-04-02T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66306
published_at	2026-04-04T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66276
published_at	2026-04-07T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66324
published_at	2026-04-08T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66337
published_at	2026-04-09T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66357
published_at	2026-04-11T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66344
published_at	2026-04-12T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66314
published_at	2026-04-13T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66349
published_at	2026-04-16T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66365
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5812

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1610486
reference_id	1610486
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1610486

reference_url	https://usn.ubuntu.com/3838-1/
reference_id	USN-3838-1
reference_type
scores
url	https://usn.ubuntu.com/3838-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5812

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-feqd-qmgg-kyer

url VCID-g76c-qem2-pyeq

vulnerability_id VCID-g76c-qem2-pyeq

summary libraw: Heap-based 1 byte buffer over-write in processCanonCameraInfo function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14348.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14348.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14348

reference_id

reference_type

scores

value	0.0042
scoring_system	epss
scoring_elements	0.61966
published_at	2026-04-18T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73723
published_at	2026-04-01T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73779
published_at	2026-04-12T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.7377
published_at	2026-04-13T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73812
published_at	2026-04-16T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73732
published_at	2026-04-02T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73756
published_at	2026-04-04T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73726
published_at	2026-04-07T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73761
published_at	2026-04-08T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73775
published_at	2026-04-09T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.73797
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14348

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/issues/100
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/100

reference_url	http://www.securityfocus.com/bid/100866
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100866

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1492121
reference_id	1492121
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1492121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-14348

reference_id

CVE-2017-14348

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14348

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-14348

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g76c-qem2-pyeq

url VCID-gfwy-pxzr-gqa6

vulnerability_id VCID-gfwy-pxzr-gqa6

summary LibRaw: out-of-bounds read in nikon_coolscan_load_raw in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5811.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5811.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5811

reference_id

reference_type

scores

value	0.00507
scoring_system	epss
scoring_elements	0.6617
published_at	2026-04-01T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66211
published_at	2026-04-02T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66238
published_at	2026-04-04T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66208
published_at	2026-04-07T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66255
published_at	2026-04-08T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66268
published_at	2026-04-09T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66289
published_at	2026-04-11T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66275
published_at	2026-04-12T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66244
published_at	2026-04-13T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66279
published_at	2026-04-16T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66294
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5811

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5811
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5811

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1610483
reference_id	1610483
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1610483

reference_url	https://usn.ubuntu.com/3838-1/
reference_id	USN-3838-1
reference_type
scores
url	https://usn.ubuntu.com/3838-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5811

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfwy-pxzr-gqa6

url VCID-h27f-krz7-bkdv

vulnerability_id VCID-h27f-krz7-bkdv

summary libraw: Out-of-bounds read in the kodak_65000_load_raw function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14608.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14608.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14608

reference_id

reference_type

scores

value	0.00316
scoring_system	epss
scoring_elements	0.54612
published_at	2026-04-01T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54737
published_at	2026-04-18T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54722
published_at	2026-04-09T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54735
published_at	2026-04-16T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54719
published_at	2026-04-12T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54697
published_at	2026-04-13T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54682
published_at	2026-04-02T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54704
published_at	2026-04-04T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54674
published_at	2026-04-07T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.54726
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14608

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21

reference_url	https://github.com/LibRaw/LibRaw/issues/101
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/101

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1499687
reference_id	1499687
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1499687

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-14608

reference_id

CVE-2017-14608

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14608

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-14608

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h27f-krz7-bkdv

url VCID-h8wv-qjp1-abe5

vulnerability_id VCID-h8wv-qjp1-abe5

summary LibRaw: out-of-bounds read in samsung_load_raw in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5807.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5807.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5807

reference_id

reference_type

scores

value	0.00481
scoring_system	epss
scoring_elements	0.65024
published_at	2026-04-01T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65075
published_at	2026-04-02T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65101
published_at	2026-04-04T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65065
published_at	2026-04-07T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65113
published_at	2026-04-08T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65127
published_at	2026-04-09T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65146
published_at	2026-04-11T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65136
published_at	2026-04-12T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65108
published_at	2026-04-13T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65145
published_at	2026-04-16T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65154
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5807

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5807
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5807

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1610469
reference_id	1610469
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1610469

reference_url	https://usn.ubuntu.com/3838-1/
reference_id	USN-3838-1
reference_type
scores
url	https://usn.ubuntu.com/3838-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5807

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8wv-qjp1-abe5

url VCID-hqh8-vz5n-23c9

vulnerability_id VCID-hqh8-vz5n-23c9

summary libraw: Out of bounds read in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22628.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22628.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-22628

reference_id

reference_type

scores

value	0.00089
scoring_system	epss
scoring_elements	0.25313
published_at	2026-04-09T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25386
published_at	2026-04-02T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.2524
published_at	2026-04-16T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25324
published_at	2026-04-11T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25283
published_at	2026-04-12T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.2523
published_at	2026-04-18T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25422
published_at	2026-04-04T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25198
published_at	2026-04-07T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25268
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-22628

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22628
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22628

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2234992
reference_id	2234992
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2234992

reference_url

https://github.com/LibRaw/LibRaw/issues/269

reference_id

269

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:03:55Z/

url

https://github.com/LibRaw/LibRaw/issues/269

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00007.html

reference_id

msg00007.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:03:55Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00007.html

reference_url	https://usn.ubuntu.com/6377-1/
reference_id	USN-6377-1
reference_type
scores
url	https://usn.ubuntu.com/6377-1/

reference_url	https://usn.ubuntu.com/7266-1/
reference_id	USN-7266-1
reference_type
scores
url	https://usn.ubuntu.com/7266-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
purl	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-22628

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqh8-vz5n-23c9

url VCID-hsza-kpb5-vqb9

vulnerability_id VCID-hsza-kpb5-vqb9

summary LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10528.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10528.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10528

reference_id

reference_type

scores

value	0.0194
scoring_system	epss
scoring_elements	0.83356
published_at	2026-04-01T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83459
published_at	2026-04-18T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83427
published_at	2026-04-12T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83422
published_at	2026-04-13T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83458
published_at	2026-04-16T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83369
published_at	2026-04-02T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83384
published_at	2026-04-07T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83408
published_at	2026-04-08T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83418
published_at	2026-04-09T12:55:00Z

value	0.0194
scoring_system	epss
scoring_elements	0.83432
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528

reference_url	https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3

reference_url	https://github.com/LibRaw/LibRaw/issues/144
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/144

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1574313
reference_id	1574313
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1574313

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897185
reference_id	897185
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897185

reference_url	https://security.archlinux.org/ASA-201805-2
reference_id	ASA-201805-2
reference_type
scores
url	https://security.archlinux.org/ASA-201805-2

reference_url

reference_id

AVG-681

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10528

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:::::::*
reference_id	cpe:2.3:a:libraw:libraw:0.18.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

reference_id

CVE-2018-10528

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10528

reference_url	https://usn.ubuntu.com/3639-1/
reference_id	USN-3639-1
reference_type
scores
url	https://usn.ubuntu.com/3639-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-10528

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsza-kpb5-vqb9

url VCID-hxsy-1dx6-fker

vulnerability_id VCID-hxsy-1dx6-fker

summary

Multiple vulnerabilities have been found in LibRaw and libkdcraw,
    the worst of which may lead to arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2127

reference_id

reference_type

scores

value	0.00923
scoring_system	epss
scoring_elements	0.75935
published_at	2026-04-01T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75938
published_at	2026-04-02T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75971
published_at	2026-04-04T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.7595
published_at	2026-04-07T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75983
published_at	2026-04-08T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75997
published_at	2026-04-09T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.76022
published_at	2026-04-11T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75998
published_at	2026-04-12T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75992
published_at	2026-04-13T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.76032
published_at	2026-04-16T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.76034
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2127

reference_url	https://security.gentoo.org/glsa/201309-09
reference_id	GLSA-201309-09
reference_type
scores
url	https://security.gentoo.org/glsa/201309-09

fixed_packages

url	pkg:deb/debian/libraw@0?distro=trixie
purl	pkg:deb/debian/libraw@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2013-2127

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxsy-1dx6-fker

url VCID-k9d9-tfcf-byf3

vulnerability_id VCID-k9d9-tfcf-byf3

summary LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5800.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5800

reference_id

reference_type

scores

value	0.01483
scoring_system	epss
scoring_elements	0.80946
published_at	2026-04-01T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.80955
published_at	2026-04-02T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.80977
published_at	2026-04-04T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.80976
published_at	2026-04-07T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.81004
published_at	2026-04-08T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.81011
published_at	2026-04-09T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.81027
published_at	2026-04-11T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.81014
published_at	2026-04-12T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.81006
published_at	2026-04-13T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.81044
published_at	2026-04-16T12:55:00Z

value	0.01483
scoring_system	epss
scoring_elements	0.81045
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5800

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1553332
reference_id	1553332
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1553332

reference_url	https://access.redhat.com/errata/RHSA-2018:3065
reference_id	RHSA-2018:3065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3065

reference_url	https://usn.ubuntu.com/3615-1/
reference_id	USN-3615-1
reference_type
scores
url	https://usn.ubuntu.com/3615-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.7-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5800

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9d9-tfcf-byf3

url VCID-knwc-32r8-b7cu

vulnerability_id VCID-knwc-32r8-b7cu

summary LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5806.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5806.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5806

reference_id

reference_type

scores

value	0.0039
scoring_system	epss
scoring_elements	0.59951
published_at	2026-04-01T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60029
published_at	2026-04-02T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60053
published_at	2026-04-04T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60024
published_at	2026-04-07T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60074
published_at	2026-04-08T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60088
published_at	2026-04-09T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60109
published_at	2026-04-11T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60094
published_at	2026-04-12T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66365
published_at	2026-04-18T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66314
published_at	2026-04-13T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66349
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5806

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591897
reference_id	1591897
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591897

reference_url	https://access.redhat.com/errata/RHSA-2018:3065
reference_id	RHSA-2018:3065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3065

fixed_packages

url	pkg:deb/debian/libraw@0.18.8-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5806

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knwc-32r8-b7cu

url VCID-m4v4-63we-dqex

vulnerability_id VCID-m4v4-63we-dqex

summary LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10529.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10529.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10529

reference_id

reference_type

scores

value	0.00406
scoring_system	epss
scoring_elements	0.60973
published_at	2026-04-01T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61145
published_at	2026-04-18T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61116
published_at	2026-04-12T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61098
published_at	2026-04-13T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61139
published_at	2026-04-16T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61051
published_at	2026-04-02T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61079
published_at	2026-04-04T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61045
published_at	2026-04-07T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61093
published_at	2026-04-08T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61109
published_at	2026-04-09T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.6113
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10529

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529

reference_url	https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c

reference_url	https://github.com/LibRaw/LibRaw/issues/144
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/144

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1574325
reference_id	1574325
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1574325

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897186
reference_id	897186
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897186

reference_url	https://security.archlinux.org/ASA-201805-2
reference_id	ASA-201805-2
reference_type
scores
url	https://security.archlinux.org/ASA-201805-2

reference_url

reference_id

AVG-681

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10529

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:::::::*
reference_id	cpe:2.3:a:libraw:libraw:0.18.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

reference_id

CVE-2018-10529

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10529

reference_url	https://usn.ubuntu.com/3639-1/
reference_id	USN-3639-1
reference_type
scores
url	https://usn.ubuntu.com/3639-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-10529

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4v4-63we-dqex

url VCID-mkyj-pu8d-kbbu

vulnerability_id VCID-mkyj-pu8d-kbbu

summary LibRaw: DoS in unpacked_load_raw function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5817.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5817.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5817

reference_id

reference_type

scores

value	0.01167
scoring_system	epss
scoring_elements	0.7859
published_at	2026-04-01T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78667
published_at	2026-04-18T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78647
published_at	2026-04-12T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.7864
published_at	2026-04-13T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78669
published_at	2026-04-16T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78597
published_at	2026-04-02T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78628
published_at	2026-04-04T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78609
published_at	2026-04-07T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78634
published_at	2026-04-08T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78641
published_at	2026-04-09T12:55:00Z

value	0.01167
scoring_system	epss
scoring_elements	0.78665
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5817

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5817
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5817

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html

reference_url	https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/
reference_id
reference_type
scores
url	https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/

reference_url	https://www.libraw.org/news/libraw-0-19-2-release
reference_id
reference_type
scores
url	https://www.libraw.org/news/libraw-0-19-2-release

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661612
reference_id	1661612
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661612

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5817

reference_id

CVE-2018-5817

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5817

reference_url	https://usn.ubuntu.com/3989-1/
reference_id	USN-3989-1
reference_type
scores
url	https://usn.ubuntu.com/3989-1/

fixed_packages

url	pkg:deb/debian/libraw@0.19.1-1?distro=trixie
purl	pkg:deb/debian/libraw@0.19.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5817

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyj-pu8d-kbbu

url VCID-n8g7-9k7s-17g3

vulnerability_id VCID-n8g7-9k7s-17g3

summary LibRaw: stack-based buffer overflow in find_green() leads to arbitrary code execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5808.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5808.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5808

reference_id

reference_type

scores

value	0.02316
scoring_system	epss
scoring_elements	0.84711
published_at	2026-04-01T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84727
published_at	2026-04-02T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84746
published_at	2026-04-04T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84748
published_at	2026-04-07T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.8477
published_at	2026-04-08T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84777
published_at	2026-04-09T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84795
published_at	2026-04-11T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84791
published_at	2026-04-12T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84785
published_at	2026-04-13T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84807
published_at	2026-04-16T12:55:00Z

value	0.02316
scoring_system	epss
scoring_elements	0.84808
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5808

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661518
reference_id	1661518
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661518

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5808

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8g7-9k7s-17g3

url VCID-n9u1-b4b8-sqft

vulnerability_id VCID-n9u1-b4b8-sqft

summary LibRaw: Out of bounds write in new_node() function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35530.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35530.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35530

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08119
published_at	2026-04-01T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08178
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08233
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08182
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08246
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08265
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08257
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08237
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0822
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08114
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.081
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35530

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35530
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35530

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122339
reference_id	2122339
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122339

reference_url	https://usn.ubuntu.com/5715-1/
reference_id	USN-5715-1
reference_type
scores
url	https://usn.ubuntu.com/5715-1/

reference_url	https://usn.ubuntu.com/7266-1/
reference_id	USN-7266-1
reference_type
scores
url	https://usn.ubuntu.com/7266-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
purl	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-35530

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9u1-b4b8-sqft

url VCID-ngzk-excs-akbw

vulnerability_id VCID-ngzk-excs-akbw

summary

Multiple vulnerabilities have been found in LibRaw and libkdcraw,
    the worst of which may lead to arbitrary code execution.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1439.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1439.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1439

reference_id

reference_type

scores

value	0.00476
scoring_system	epss
scoring_elements	0.64787
published_at	2026-04-01T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64837
published_at	2026-04-02T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64864
published_at	2026-04-04T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64827
published_at	2026-04-07T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64877
published_at	2026-04-08T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64891
published_at	2026-04-09T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64908
published_at	2026-04-16T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64899
published_at	2026-04-12T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64871
published_at	2026-04-13T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.64919
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1439

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1002714
reference_id	1002714
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1002714

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721338
reference_id	721338
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721338

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721339
reference_id	721339
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721339

reference_url	https://security.gentoo.org/glsa/201309-09
reference_id	GLSA-201309-09
reference_type
scores
url	https://security.gentoo.org/glsa/201309-09

reference_url	https://usn.ubuntu.com/1964-1/
reference_id	USN-1964-1
reference_type
scores
url	https://usn.ubuntu.com/1964-1/

reference_url	https://usn.ubuntu.com/1978-1/
reference_id	USN-1978-1
reference_type
scores
url	https://usn.ubuntu.com/1978-1/

fixed_packages

url	pkg:deb/debian/libraw@0.15.4-1?distro=trixie
purl	pkg:deb/debian/libraw@0.15.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.4-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2013-1439

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ngzk-excs-akbw

url VCID-njj5-wx27-xqd4

vulnerability_id VCID-njj5-wx27-xqd4

summary LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20337

reference_id

reference_type

scores

value	0.00363
scoring_system	epss
scoring_elements	0.58244
published_at	2026-04-01T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58396
published_at	2026-04-18T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58379
published_at	2026-04-12T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.5836
published_at	2026-04-13T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58392
published_at	2026-04-16T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58331
published_at	2026-04-02T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.5835
published_at	2026-04-04T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58325
published_at	2026-04-07T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58377
published_at	2026-04-08T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58383
published_at	2026-04-09T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58401
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20337

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/issues/192
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/192

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661555
reference_id	1661555
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661555

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080
reference_id	917080
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.19.1:::::::*
reference_id	cpe:2.3:a:libraw:libraw:0.19.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.19.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20337

reference_id

CVE-2018-20337

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20337

reference_url	https://access.redhat.com/errata/RHSA-2020:1766
reference_id	RHSA-2020:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1766

reference_url	https://usn.ubuntu.com/3989-1/
reference_id	USN-3989-1
reference_type
scores
url	https://usn.ubuntu.com/3989-1/

fixed_packages

url	pkg:deb/debian/libraw@0.19.2-1?distro=trixie
purl	pkg:deb/debian/libraw@0.19.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-20337

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njj5-wx27-xqd4

url VCID-nnw4-axam-qbb2

vulnerability_id VCID-nnw4-axam-qbb2

summary LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5801.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5801

reference_id

reference_type

scores

value	0.01111
scoring_system	epss
scoring_elements	0.78092
published_at	2026-04-01T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78101
published_at	2026-04-02T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78131
published_at	2026-04-04T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78113
published_at	2026-04-07T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.7814
published_at	2026-04-08T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78146
published_at	2026-04-09T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78171
published_at	2026-04-11T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78153
published_at	2026-04-12T12:55:00Z

value	0.01527
scoring_system	epss
scoring_elements	0.81329
published_at	2026-04-18T12:55:00Z

value	0.01527
scoring_system	epss
scoring_elements	0.81289
published_at	2026-04-13T12:55:00Z

value	0.01527
scoring_system	epss
scoring_elements	0.81326
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5801

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1553334
reference_id	1553334
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1553334

reference_url	https://access.redhat.com/errata/RHSA-2018:3065
reference_id	RHSA-2018:3065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3065

reference_url	https://usn.ubuntu.com/3615-1/
reference_id	USN-3615-1
reference_type
scores
url	https://usn.ubuntu.com/3615-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.7-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5801

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nnw4-axam-qbb2

url VCID-npjj-h25x-c7ge

vulnerability_id VCID-npjj-h25x-c7ge

summary LibRaw: Out-of-bounds read in get_huffman_diff() function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35531.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35531.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35531

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08119
published_at	2026-04-01T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08178
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08233
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08182
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08246
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08265
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08257
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08237
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0822
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08114
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.081
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35531

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122356
reference_id	2122356
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122356

reference_url	https://usn.ubuntu.com/5715-1/
reference_id	USN-5715-1
reference_type
scores
url	https://usn.ubuntu.com/5715-1/

reference_url	https://usn.ubuntu.com/7266-1/
reference_id	USN-7266-1
reference_type
scores
url	https://usn.ubuntu.com/7266-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
purl	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-35531

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-npjj-h25x-c7ge

url VCID-pknf-eqgp-nqba

vulnerability_id VCID-pknf-eqgp-nqba

summary LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5804.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5804.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5804

reference_id

reference_type

scores

value	0.00314
scoring_system	epss
scoring_elements	0.54453
published_at	2026-04-01T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54529
published_at	2026-04-02T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54552
published_at	2026-04-04T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54521
published_at	2026-04-07T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54573
published_at	2026-04-08T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54567
published_at	2026-04-09T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54579
published_at	2026-04-11T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54561
published_at	2026-04-12T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.5454
published_at	2026-04-13T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54577
published_at	2026-04-16T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54578
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591879
reference_id	1591879
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591879

fixed_packages

url	pkg:deb/debian/libraw@0.18.8-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5804

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pknf-eqgp-nqba

url VCID-pnd8-8z2d-4bh3

vulnerability_id VCID-pnd8-8z2d-4bh3

summary LibRaw: lack of thumbnail size range check can lead to buffer overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15503.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15503.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15503

reference_id

reference_type

scores

value	0.0387
scoring_system	epss
scoring_elements	0.88169
published_at	2026-04-01T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88178
published_at	2026-04-02T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88194
published_at	2026-04-04T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88199
published_at	2026-04-07T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88219
published_at	2026-04-08T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88225
published_at	2026-04-09T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88236
published_at	2026-04-11T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88229
published_at	2026-04-12T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88228
published_at	2026-04-13T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88242
published_at	2026-04-16T12:55:00Z

value	0.0387
scoring_system	epss
scoring_elements	0.88241
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1853477
reference_id	1853477
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1853477

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964747
reference_id	964747
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964747

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-15503
reference_id	CVE-2020-15503
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-15503

reference_url	https://access.redhat.com/errata/RHSA-2020:4451
reference_id	RHSA-2020:4451
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4451

reference_url	https://usn.ubuntu.com/5715-1/
reference_id	USN-5715-1
reference_type
scores
url	https://usn.ubuntu.com/5715-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
purl	pkg:deb/debian/libraw@0.20.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-15503

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnd8-8z2d-4bh3

url VCID-qncn-bvgd-r3eq

vulnerability_id VCID-qncn-bvgd-r3eq

summary

Multiple vulnerabilities have been found in LibRaw and libkdcraw,
    the worst of which may lead to arbitrary code execution.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2126.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2126.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2126

reference_id

reference_type

scores

value	0.03225
scoring_system	epss
scoring_elements	0.87006
published_at	2026-04-01T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87017
published_at	2026-04-02T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87036
published_at	2026-04-04T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87029
published_at	2026-04-07T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87049
published_at	2026-04-08T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87056
published_at	2026-04-09T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.8707
published_at	2026-04-11T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87064
published_at	2026-04-12T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87059
published_at	2026-04-13T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87075
published_at	2026-04-16T12:55:00Z

value	0.03225
scoring_system	epss
scoring_elements	0.87079
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353
reference_id	710353
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316
reference_id	711316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=968385
reference_id	968385
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=968385

reference_url	https://security.gentoo.org/glsa/201309-09
reference_id	GLSA-201309-09
reference_type
scores
url	https://security.gentoo.org/glsa/201309-09

reference_url	https://usn.ubuntu.com/1884-1/
reference_id	USN-1884-1
reference_type
scores
url	https://usn.ubuntu.com/1884-1/

reference_url	https://usn.ubuntu.com/1885-1/
reference_id	USN-1885-1
reference_type
scores
url	https://usn.ubuntu.com/1885-1/

fixed_packages

url	pkg:deb/debian/libraw@0.15.3-1?distro=trixie
purl	pkg:deb/debian/libraw@0.15.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.3-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2013-2126

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qncn-bvgd-r3eq

url VCID-s2hb-xe27-ryeq

vulnerability_id VCID-s2hb-xe27-ryeq

summary libraw: Heap-buffer overflow in the LibRaw::panasonic_load_raw() function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16909.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16909.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16909

reference_id

reference_type

scores

value	0.00571
scoring_system	epss
scoring_elements	0.68575
published_at	2026-04-01T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68689
published_at	2026-04-18T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68639
published_at	2026-04-13T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68678
published_at	2026-04-16T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68593
published_at	2026-04-02T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68611
published_at	2026-04-04T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68589
published_at	2026-04-07T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.6864
published_at	2026-04-08T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68658
published_at	2026-04-09T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68682
published_at	2026-04-11T12:55:00Z

value	0.00571
scoring_system	epss
scoring_elements	0.68668
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16909

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1524859
reference_id	1524859
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1524859

reference_url	https://usn.ubuntu.com/3615-1/
reference_id	USN-3615-1
reference_type
scores
url	https://usn.ubuntu.com/3615-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.6-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.6-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-16909

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s2hb-xe27-ryeq

url VCID-sptp-9b5b-r7gq

vulnerability_id VCID-sptp-9b5b-r7gq

summary LibRaw: Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5816.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5816.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5816

reference_id

reference_type

scores

value	0.00622
scoring_system	epss
scoring_elements	0.7002
published_at	2026-04-01T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70032
published_at	2026-04-02T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70047
published_at	2026-04-04T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70023
published_at	2026-04-07T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70071
published_at	2026-04-08T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70087
published_at	2026-04-09T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70111
published_at	2026-04-11T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70097
published_at	2026-04-12T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70084
published_at	2026-04-13T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70127
published_at	2026-04-16T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70136
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5816

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5816
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1610156
reference_id	1610156
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1610156

reference_url	https://usn.ubuntu.com/3838-1/
reference_id	USN-3838-1
reference_type
scores
url	https://usn.ubuntu.com/3838-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.13-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.13-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.13-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5816

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sptp-9b5b-r7gq

url VCID-tb2p-ef7f-f7cj

vulnerability_id VCID-tb2p-ef7f-f7cj

summary libraw: Heap-based buffer overflow in LibRaw::raw2image() resulting in a denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20365.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20365.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20365

reference_id

reference_type

scores

value	0.00445
scoring_system	epss
scoring_elements	0.63343
published_at	2026-04-01T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63471
published_at	2026-04-18T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63466
published_at	2026-04-12T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.6343
published_at	2026-04-13T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63463
published_at	2026-04-16T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63403
published_at	2026-04-02T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63429
published_at	2026-04-04T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63395
published_at	2026-04-07T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63447
published_at	2026-04-08T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63464
published_at	2026-04-09T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63482
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20365

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/issues/195
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/195

reference_url	http://www.securityfocus.com/bid/106299
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106299

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1663964
reference_id	1663964
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1663964

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917111
reference_id	917111
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20365

reference_id

CVE-2018-20365

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20365

reference_url	https://usn.ubuntu.com/3989-1/
reference_id	USN-3989-1
reference_type
scores
url	https://usn.ubuntu.com/3989-1/

fixed_packages

url	pkg:deb/debian/libraw@0.19.2-2?distro=trixie
purl	pkg:deb/debian/libraw@0.19.2-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-20365

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tb2p-ef7f-f7cj

url VCID-th8h-py4c-47da

vulnerability_id VCID-th8h-py4c-47da

summary

Out-of-bounds Write
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1729.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1729.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1729

reference_id

reference_type

scores

value	0.00062
scoring_system	epss
scoring_elements	0.19558
published_at	2026-04-02T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19604
published_at	2026-04-04T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19325
published_at	2026-04-07T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19403
published_at	2026-04-08T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19454
published_at	2026-04-09T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19459
published_at	2026-04-11T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19411
published_at	2026-04-12T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19354
published_at	2026-04-13T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19315
published_at	2026-04-16T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19322
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1729

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2188240
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2188240

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/issues/557
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/557

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036281
reference_id	1036281
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036281

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-1729
reference_id	CVE-2023-1729
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-1729

reference_url	https://security.gentoo.org/glsa/202312-08
reference_id	GLSA-202312-08
reference_type
scores
url	https://security.gentoo.org/glsa/202312-08

reference_url	https://access.redhat.com/errata/RHSA-2024:2137
reference_id	RHSA-2024:2137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2137

reference_url	https://usn.ubuntu.com/6137-1/
reference_id	USN-6137-1
reference_type
scores
url	https://usn.ubuntu.com/6137-1/

reference_url	https://usn.ubuntu.com/7266-1/
reference_id	USN-7266-1
reference_type
scores
url	https://usn.ubuntu.com/7266-1/

fixed_packages

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2023-1729

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th8h-py4c-47da

url VCID-u8vk-5w4q-4baj

vulnerability_id VCID-u8vk-5w4q-4baj

summary LibRaw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15365.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15365.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15365

reference_id

reference_type

scores

value	0.00284
scoring_system	epss
scoring_elements	0.51731
published_at	2026-04-01T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51781
published_at	2026-04-02T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51806
published_at	2026-04-04T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51767
published_at	2026-04-07T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51822
published_at	2026-04-08T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51819
published_at	2026-04-09T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.5187
published_at	2026-04-11T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.5185
published_at	2026-04-12T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51835
published_at	2026-04-13T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51877
published_at	2026-04-16T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51883
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15365

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1852093
reference_id	1852093
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1852093

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-15365
reference_id	CVE-2020-15365
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-15365

fixed_packages

url	pkg:deb/debian/libraw@0?distro=trixie
purl	pkg:deb/debian/libraw@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-15365

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8vk-5w4q-4baj

url VCID-urry-mwtn-9ua4

vulnerability_id VCID-urry-mwtn-9ua4

summary A buffer overread in LibRaw might allow an attacker to cause denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24870.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24870.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24870

reference_id

reference_type

scores

value	0.00581
scoring_system	epss
scoring_elements	0.68831
published_at	2026-04-01T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.68849
published_at	2026-04-02T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.6887
published_at	2026-04-04T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.6885
published_at	2026-04-07T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.689
published_at	2026-04-08T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.68919
published_at	2026-04-09T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.68942
published_at	2026-04-11T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.68927
published_at	2026-04-12T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.68898
published_at	2026-04-13T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.68939
published_at	2026-04-16T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.68949
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24870

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1928794
reference_id	1928794
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1928794

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-24870
reference_id	CVE-2020-24870
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-24870

reference_url	https://security.gentoo.org/glsa/202208-07
reference_id	GLSA-202208-07
reference_type
scores
url	https://security.gentoo.org/glsa/202208-07

reference_url	https://access.redhat.com/errata/RHSA-2021:4381
reference_id	RHSA-2021:4381
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4381

fixed_packages

url	pkg:deb/debian/libraw@0.20.2-1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2020-24870

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urry-mwtn-9ua4

url VCID-v4se-wza6-a3dt

vulnerability_id VCID-v4se-wza6-a3dt

summary libRaw: heap-based buffer overflow in rollei_load_raw in internal/dcraw_common.cpp

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5810.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5810.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5810

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.65977
published_at	2026-04-01T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66019
published_at	2026-04-02T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66047
published_at	2026-04-04T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66015
published_at	2026-04-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66064
published_at	2026-04-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66077
published_at	2026-04-09T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66096
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66083
published_at	2026-04-12T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66053
published_at	2026-04-13T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66088
published_at	2026-04-16T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66102
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5810

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5810
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5810

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1610479
reference_id	1610479
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1610479

reference_url	https://usn.ubuntu.com/3838-1/
reference_id	USN-3838-1
reference_type
scores
url	https://usn.ubuntu.com/3838-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2018-5810

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4se-wza6-a3dt

url VCID-wgdh-xnty-mbga

vulnerability_id VCID-wgdh-xnty-mbga

summary libraw: Stack based buffer overflow in the xtrans_interpolate function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14265.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14265.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14265

reference_id

reference_type

scores

value	0.00931
scoring_system	epss
scoring_elements	0.76152
published_at	2026-04-18T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76062
published_at	2026-04-07T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76095
published_at	2026-04-08T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76109
published_at	2026-04-09T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76134
published_at	2026-04-11T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.7611
published_at	2026-04-12T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76107
published_at	2026-04-13T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76148
published_at	2026-04-16T12:55:00Z

value	0.01644
scoring_system	epss
scoring_elements	0.81894
published_at	2026-04-01T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82415
published_at	2026-04-04T12:55:00Z

value	0.01731
scoring_system	epss
scoring_elements	0.82397
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/LibRaw/LibRaw/issues/99
reference_id
reference_type
scores
url	https://github.com/LibRaw/LibRaw/issues/99

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1494405
reference_id	1494405
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1494405

reference_url	https://security.archlinux.org/ASA-201709-18
reference_id	ASA-201709-18
reference_type
scores
url	https://security.archlinux.org/ASA-201709-18

reference_url

reference_id

AVG-410

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14265

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::
reference_id	cpe:2.3:a:libraw:libraw::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw::::::::

reference_url

reference_id

CVE-2017-14265

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14265

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
purl	pkg:deb/debian/libraw@0.18.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2017-14265

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdh-xnty-mbga

url VCID-xswq-6aae-nqfb

vulnerability_id VCID-xswq-6aae-nqfb

summary

A buffer overflow in DCRaw might allow remote attackers to cause a
    Denial of Service condition.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3885

reference_id

reference_type

scores

value	0.03564
scoring_system	epss
scoring_elements	0.87727
published_at	2026-04-18T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87659
published_at	2026-04-01T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87669
published_at	2026-04-02T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87682
published_at	2026-04-04T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87683
published_at	2026-04-07T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87704
published_at	2026-04-08T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.8771
published_at	2026-04-09T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87721
published_at	2026-04-11T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87715
published_at	2026-04-12T12:55:00Z

value	0.03564
scoring_system	epss
scoring_elements	0.87713
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3885

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:N/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1221249
reference_id	1221249
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1221249

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019
reference_id	785019
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785
reference_id	786785
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788
reference_id	786788
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790
reference_id	786790
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792
reference_id	786792
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299
reference_id	792299
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299

reference_url	https://security.gentoo.org/glsa/201701-54
reference_id	GLSA-201701-54
reference_type
scores
url	https://security.gentoo.org/glsa/201701-54

reference_url	https://security.gentoo.org/glsa/201701-60
reference_id	GLSA-201701-60
reference_type
scores
url	https://security.gentoo.org/glsa/201701-60

reference_url	https://security.gentoo.org/glsa/201706-17
reference_id	GLSA-201706-17
reference_type
scores
url	https://security.gentoo.org/glsa/201706-17

reference_url	https://usn.ubuntu.com/3492-1/
reference_id	USN-3492-1
reference_type
scores
url	https://usn.ubuntu.com/3492-1/

fixed_packages

url	pkg:deb/debian/libraw@0.16.2-1?distro=trixie
purl	pkg:deb/debian/libraw@0.16.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.16.2-1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
purl	pkg:deb/debian/libraw@0.21.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie

url	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
purl	pkg:deb/debian/libraw@0.21.5b-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie

aliases CVE-2015-3885

risk_score 0.8

exploitability 0.5

weighted_severity 1.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xswq-6aae-nqfb

url VCID-y455-nxwt-7ygd

vulnerability_id VCID-y455-nxwt-7ygd

summary LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43961.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43961.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43961

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54155
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54262
published_at	2026-04-18T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54185
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5416
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54212
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54208
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54258
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5424
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54219
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43961

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4

reference_id

0.21.3...0.21.4

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/

url

https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781
reference_id	1103781
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2361283
reference_id	2361283
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2361283

reference_url

https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2

reference_id

66fe663e02a4dd610b4e832f5d9af326709336c2

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/

url

https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2

reference_url

reference_id

libraw-0-21-4-release

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/

url