Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
Typedeb
Namespacedebian
Nametiff
Version4.5.1~rc3-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.5.1+git230720-1
Latest_non_vulnerable_version4.7.1-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6dt6-ppka-b3ct
vulnerability_id VCID-6dt6-ppka-b3ct
summary 
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26966
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07323
published_at 2026-04-21T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07297
published_at 2026-04-11T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07283
published_at 2026-04-12T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07273
published_at 2026-04-13T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07203
published_at 2026-04-16T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07198
published_at 2026-04-18T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07241
published_at 2026-04-04T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.0722
published_at 2026-04-07T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07274
published_at 2026-04-08T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07301
published_at 2026-04-09T12:55:00Z
10
value 0.00028
scoring_system epss
scoring_elements 0.08031
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26966
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gitlab.com/libtiff/libtiff/-/issues/530
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/
url https://gitlab.com/libtiff/libtiff/-/issues/530
5
reference_url https://gitlab.com/libtiff/libtiff/-/merge_requests/473
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/
url https://gitlab.com/libtiff/libtiff/-/merge_requests/473
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2218749
reference_id 2218749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2218749
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26966
reference_id CVE-2023-26966
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-26966
8
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
9
reference_url https://access.redhat.com/errata/RHSA-2023:6575
reference_id RHSA-2023:6575
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6575
10
reference_url https://usn.ubuntu.com/6229-1/
reference_id USN-6229-1
reference_type
scores
url https://usn.ubuntu.com/6229-1/
11
reference_url https://usn.ubuntu.com/6290-1/
reference_id USN-6290-1
reference_type
scores
url https://usn.ubuntu.com/6290-1/
fixed_packages
0
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hfc-b4qr-jqgk
1
vulnerability VCID-38sj-85gt-sfhe
2
vulnerability VCID-4mhv-7vrm-v7hv
3
vulnerability VCID-7zdy-fxq2-p7gf
4
vulnerability VCID-9grz-pkwb-3kc5
5
vulnerability VCID-a8jf-xmj8-cuh6
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-h9ap-xxmw-j7dr
9
vulnerability VCID-ndc5-qn5u-3qbq
10
vulnerability VCID-r186-xqyn-ffey
11
vulnerability VCID-rp7t-x7gz-9udg
12
vulnerability VCID-sqxq-hg7v-d7gv
13
vulnerability VCID-ttb7-w41r-4kfn
14
vulnerability VCID-ukgj-45m7-6uba
15
vulnerability VCID-vju4-pghv-47bx
16
vulnerability VCID-vrtj-45t6-cqec
17
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5%3Fdistro=trixie
1
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u6%3Fdistro=trixie
2
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38sj-85gt-sfhe
1
vulnerability VCID-4mhv-7vrm-v7hv
2
vulnerability VCID-7zdy-fxq2-p7gf
3
vulnerability VCID-9grz-pkwb-3kc5
4
vulnerability VCID-a8jf-xmj8-cuh6
5
vulnerability VCID-b4hb-cxzy-suck
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-ndc5-qn5u-3qbq
9
vulnerability VCID-r186-xqyn-ffey
10
vulnerability VCID-rp7t-x7gz-9udg
11
vulnerability VCID-sqxq-hg7v-d7gv
12
vulnerability VCID-ttb7-w41r-4kfn
13
vulnerability VCID-ukgj-45m7-6uba
14
vulnerability VCID-vju4-pghv-47bx
15
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
purl pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.1~rc3-1%3Fdistro=trixie
5
url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zdy-fxq2-p7gf
1
vulnerability VCID-9grz-pkwb-3kc5
2
vulnerability VCID-dg96-zmw1-8kcp
3
vulnerability VCID-r186-xqyn-ffey
4
vulnerability VCID-sqxq-hg7v-d7gv
5
vulnerability VCID-ttb7-w41r-4kfn
6
vulnerability VCID-vju4-pghv-47bx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1%3Fdistro=trixie
6
url pkg:deb/debian/tiff@4.7.1-1?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ttb7-w41r-4kfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1%3Fdistro=trixie
7
url pkg:deb/debian/tiff@4.7.1-2?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2%3Fdistro=trixie
aliases CVE-2023-26966
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6dt6-ppka-b3ct
1
url VCID-k8kt-55y9-qyac
vulnerability_id VCID-k8kt-55y9-qyac
summary 
NULL Pointer Dereference
A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2908
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0239
published_at 2026-04-21T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02312
published_at 2026-04-02T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02318
published_at 2026-04-04T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02314
published_at 2026-04-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02317
published_at 2026-04-08T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02339
published_at 2026-04-09T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02321
published_at 2026-04-11T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02307
published_at 2026-04-12T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02305
published_at 2026-04-13T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02289
published_at 2026-04-16T12:55:00Z
10
value 0.00013
scoring_system epss
scoring_elements 0.02294
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2908
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2218830
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2218830
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/
url https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
6
reference_url https://gitlab.com/libtiff/libtiff/-/merge_requests/479
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/
url https://gitlab.com/libtiff/libtiff/-/merge_requests/479
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
11
reference_url https://access.redhat.com/security/cve/CVE-2023-2908
reference_id CVE-2023-2908
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/
url https://access.redhat.com/security/cve/CVE-2023-2908
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2908
reference_id CVE-2023-2908
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-2908
13
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
14
reference_url https://security.netapp.com/advisory/ntap-20230731-0004/
reference_id ntap-20230731-0004
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/
url https://security.netapp.com/advisory/ntap-20230731-0004/
15
reference_url https://usn.ubuntu.com/6290-1/
reference_id USN-6290-1
reference_type
scores
url https://usn.ubuntu.com/6290-1/
fixed_packages
0
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hfc-b4qr-jqgk
1
vulnerability VCID-38sj-85gt-sfhe
2
vulnerability VCID-4mhv-7vrm-v7hv
3
vulnerability VCID-7zdy-fxq2-p7gf
4
vulnerability VCID-9grz-pkwb-3kc5
5
vulnerability VCID-a8jf-xmj8-cuh6
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-h9ap-xxmw-j7dr
9
vulnerability VCID-ndc5-qn5u-3qbq
10
vulnerability VCID-r186-xqyn-ffey
11
vulnerability VCID-rp7t-x7gz-9udg
12
vulnerability VCID-sqxq-hg7v-d7gv
13
vulnerability VCID-ttb7-w41r-4kfn
14
vulnerability VCID-ukgj-45m7-6uba
15
vulnerability VCID-vju4-pghv-47bx
16
vulnerability VCID-vrtj-45t6-cqec
17
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5%3Fdistro=trixie
1
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u6%3Fdistro=trixie
2
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38sj-85gt-sfhe
1
vulnerability VCID-4mhv-7vrm-v7hv
2
vulnerability VCID-7zdy-fxq2-p7gf
3
vulnerability VCID-9grz-pkwb-3kc5
4
vulnerability VCID-a8jf-xmj8-cuh6
5
vulnerability VCID-b4hb-cxzy-suck
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-ndc5-qn5u-3qbq
9
vulnerability VCID-r186-xqyn-ffey
10
vulnerability VCID-rp7t-x7gz-9udg
11
vulnerability VCID-sqxq-hg7v-d7gv
12
vulnerability VCID-ttb7-w41r-4kfn
13
vulnerability VCID-ukgj-45m7-6uba
14
vulnerability VCID-vju4-pghv-47bx
15
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
purl pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.1~rc3-1%3Fdistro=trixie
5
url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zdy-fxq2-p7gf
1
vulnerability VCID-9grz-pkwb-3kc5
2
vulnerability VCID-dg96-zmw1-8kcp
3
vulnerability VCID-r186-xqyn-ffey
4
vulnerability VCID-sqxq-hg7v-d7gv
5
vulnerability VCID-ttb7-w41r-4kfn
6
vulnerability VCID-vju4-pghv-47bx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1%3Fdistro=trixie
6
url pkg:deb/debian/tiff@4.7.1-1?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ttb7-w41r-4kfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1%3Fdistro=trixie
7
url pkg:deb/debian/tiff@4.7.1-2?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2%3Fdistro=trixie
aliases CVE-2023-2908
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8kt-55y9-qyac
2
url VCID-ndwc-beev-43ck
vulnerability_id VCID-ndwc-beev-43ck
summary 
Out-of-bounds Write
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26965
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00733
published_at 2026-04-02T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.0073
published_at 2026-04-04T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00736
published_at 2026-04-07T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00735
published_at 2026-04-08T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.00726
published_at 2026-04-09T12:55:00Z
5
value 9e-05
scoring_system epss
scoring_elements 0.00844
published_at 2026-04-21T12:55:00Z
6
value 9e-05
scoring_system epss
scoring_elements 0.00796
published_at 2026-04-13T12:55:00Z
7
value 9e-05
scoring_system epss
scoring_elements 0.00801
published_at 2026-04-11T12:55:00Z
8
value 9e-05
scoring_system epss
scoring_elements 0.00795
published_at 2026-04-16T12:55:00Z
9
value 9e-05
scoring_system epss
scoring_elements 0.008
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26965
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gitlab.com/libtiff/libtiff/-/merge_requests/472
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/
url https://gitlab.com/libtiff/libtiff/-/merge_requests/472
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2215206
reference_id 2215206
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2215206
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26965
reference_id CVE-2023-26965
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-26965
7
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
8
reference_url https://security.netapp.com/advisory/ntap-20230706-0009/
reference_id ntap-20230706-0009
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/
url https://security.netapp.com/advisory/ntap-20230706-0009/
9
reference_url https://access.redhat.com/errata/RHSA-2023:6575
reference_id RHSA-2023:6575
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6575
10
reference_url https://usn.ubuntu.com/6229-1/
reference_id USN-6229-1
reference_type
scores
url https://usn.ubuntu.com/6229-1/
11
reference_url https://usn.ubuntu.com/6290-1/
reference_id USN-6290-1
reference_type
scores
url https://usn.ubuntu.com/6290-1/
fixed_packages
0
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hfc-b4qr-jqgk
1
vulnerability VCID-38sj-85gt-sfhe
2
vulnerability VCID-4mhv-7vrm-v7hv
3
vulnerability VCID-7zdy-fxq2-p7gf
4
vulnerability VCID-9grz-pkwb-3kc5
5
vulnerability VCID-a8jf-xmj8-cuh6
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-h9ap-xxmw-j7dr
9
vulnerability VCID-ndc5-qn5u-3qbq
10
vulnerability VCID-r186-xqyn-ffey
11
vulnerability VCID-rp7t-x7gz-9udg
12
vulnerability VCID-sqxq-hg7v-d7gv
13
vulnerability VCID-ttb7-w41r-4kfn
14
vulnerability VCID-ukgj-45m7-6uba
15
vulnerability VCID-vju4-pghv-47bx
16
vulnerability VCID-vrtj-45t6-cqec
17
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5%3Fdistro=trixie
1
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u6%3Fdistro=trixie
2
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38sj-85gt-sfhe
1
vulnerability VCID-4mhv-7vrm-v7hv
2
vulnerability VCID-7zdy-fxq2-p7gf
3
vulnerability VCID-9grz-pkwb-3kc5
4
vulnerability VCID-a8jf-xmj8-cuh6
5
vulnerability VCID-b4hb-cxzy-suck
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-ndc5-qn5u-3qbq
9
vulnerability VCID-r186-xqyn-ffey
10
vulnerability VCID-rp7t-x7gz-9udg
11
vulnerability VCID-sqxq-hg7v-d7gv
12
vulnerability VCID-ttb7-w41r-4kfn
13
vulnerability VCID-ukgj-45m7-6uba
14
vulnerability VCID-vju4-pghv-47bx
15
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
purl pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.1~rc3-1%3Fdistro=trixie
5
url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zdy-fxq2-p7gf
1
vulnerability VCID-9grz-pkwb-3kc5
2
vulnerability VCID-dg96-zmw1-8kcp
3
vulnerability VCID-r186-xqyn-ffey
4
vulnerability VCID-sqxq-hg7v-d7gv
5
vulnerability VCID-ttb7-w41r-4kfn
6
vulnerability VCID-vju4-pghv-47bx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1%3Fdistro=trixie
6
url pkg:deb/debian/tiff@4.7.1-1?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ttb7-w41r-4kfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1%3Fdistro=trixie
7
url pkg:deb/debian/tiff@4.7.1-2?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2%3Fdistro=trixie
aliases CVE-2023-26965
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwc-beev-43ck
3
url VCID-pkdx-ktz1-mbbg
vulnerability_id VCID-pkdx-ktz1-mbbg
summary 
Missing Release of Memory after Effective Lifetime
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3576
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05679
published_at 2026-04-02T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05721
published_at 2026-04-04T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05715
published_at 2026-04-07T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05754
published_at 2026-04-08T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05781
published_at 2026-04-09T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.0575
published_at 2026-04-12T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05745
published_at 2026-04-13T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.057
published_at 2026-04-16T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05758
published_at 2026-04-11T12:55:00Z
9
value 0.00023
scoring_system epss
scoring_elements 0.06185
published_at 2026-04-18T12:55:00Z
10
value 0.00023
scoring_system epss
scoring_elements 0.06335
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3576
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2219340
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2219340
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://access.redhat.com/security/cve/CVE-2023-3576
reference_id CVE-2023-3576
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2023-3576
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3576
reference_id CVE-2023-3576
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3576
9
reference_url https://access.redhat.com/errata/RHSA-2023:6575
reference_id RHSA-2023:6575
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6575
10
reference_url https://usn.ubuntu.com/6512-1/
reference_id USN-6512-1
reference_type
scores
url https://usn.ubuntu.com/6512-1/
fixed_packages
0
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hfc-b4qr-jqgk
1
vulnerability VCID-38sj-85gt-sfhe
2
vulnerability VCID-4mhv-7vrm-v7hv
3
vulnerability VCID-7zdy-fxq2-p7gf
4
vulnerability VCID-9grz-pkwb-3kc5
5
vulnerability VCID-a8jf-xmj8-cuh6
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-h9ap-xxmw-j7dr
9
vulnerability VCID-ndc5-qn5u-3qbq
10
vulnerability VCID-r186-xqyn-ffey
11
vulnerability VCID-rp7t-x7gz-9udg
12
vulnerability VCID-sqxq-hg7v-d7gv
13
vulnerability VCID-ttb7-w41r-4kfn
14
vulnerability VCID-ukgj-45m7-6uba
15
vulnerability VCID-vju4-pghv-47bx
16
vulnerability VCID-vrtj-45t6-cqec
17
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5%3Fdistro=trixie
1
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38sj-85gt-sfhe
1
vulnerability VCID-4mhv-7vrm-v7hv
2
vulnerability VCID-7zdy-fxq2-p7gf
3
vulnerability VCID-9grz-pkwb-3kc5
4
vulnerability VCID-a8jf-xmj8-cuh6
5
vulnerability VCID-b4hb-cxzy-suck
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-ndc5-qn5u-3qbq
9
vulnerability VCID-r186-xqyn-ffey
10
vulnerability VCID-rp7t-x7gz-9udg
11
vulnerability VCID-sqxq-hg7v-d7gv
12
vulnerability VCID-ttb7-w41r-4kfn
13
vulnerability VCID-ukgj-45m7-6uba
14
vulnerability VCID-vju4-pghv-47bx
15
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3%3Fdistro=trixie
3
url pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
purl pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.1~rc3-1%3Fdistro=trixie
4
url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zdy-fxq2-p7gf
1
vulnerability VCID-9grz-pkwb-3kc5
2
vulnerability VCID-dg96-zmw1-8kcp
3
vulnerability VCID-r186-xqyn-ffey
4
vulnerability VCID-sqxq-hg7v-d7gv
5
vulnerability VCID-ttb7-w41r-4kfn
6
vulnerability VCID-vju4-pghv-47bx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/tiff@4.7.1-1?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ttb7-w41r-4kfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1%3Fdistro=trixie
6
url pkg:deb/debian/tiff@4.7.1-2?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2%3Fdistro=trixie
aliases CVE-2023-3576
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkdx-ktz1-mbbg
4
url VCID-v4rx-c1w4-pbb3
vulnerability_id VCID-v4rx-c1w4-pbb3
summary 
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3618
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43964
published_at 2026-04-21T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44003
published_at 2026-04-02T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44026
published_at 2026-04-04T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.43957
published_at 2026-04-07T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.44008
published_at 2026-04-08T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.4401
published_at 2026-04-09T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44025
published_at 2026-04-11T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.43993
published_at 2026-04-12T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.43977
published_at 2026-04-13T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44039
published_at 2026-04-16T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.4403
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3618
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2215865
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2215865
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e
reference_id
reference_type
scores
url https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945
reference_id 1040945
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
11
reference_url https://access.redhat.com/security/cve/CVE-2023-3618
reference_id CVE-2023-3618
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/
url https://access.redhat.com/security/cve/CVE-2023-3618
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3618
reference_id CVE-2023-3618
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3618
13
reference_url https://support.apple.com/kb/HT214036
reference_id HT214036
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/
url https://support.apple.com/kb/HT214036
14
reference_url https://support.apple.com/kb/HT214037
reference_id HT214037
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/
url https://support.apple.com/kb/HT214037
15
reference_url https://support.apple.com/kb/HT214038
reference_id HT214038
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/
url https://support.apple.com/kb/HT214038
16
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
17
reference_url https://security.netapp.com/advisory/ntap-20230824-0012/
reference_id ntap-20230824-0012
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/
url https://security.netapp.com/advisory/ntap-20230824-0012/
18
reference_url https://access.redhat.com/errata/RHSA-2024:2289
reference_id RHSA-2024:2289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2289
19
reference_url https://usn.ubuntu.com/6290-1/
reference_id USN-6290-1
reference_type
scores
url https://usn.ubuntu.com/6290-1/
fixed_packages
0
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hfc-b4qr-jqgk
1
vulnerability VCID-38sj-85gt-sfhe
2
vulnerability VCID-4mhv-7vrm-v7hv
3
vulnerability VCID-7zdy-fxq2-p7gf
4
vulnerability VCID-9grz-pkwb-3kc5
5
vulnerability VCID-a8jf-xmj8-cuh6
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-h9ap-xxmw-j7dr
9
vulnerability VCID-ndc5-qn5u-3qbq
10
vulnerability VCID-r186-xqyn-ffey
11
vulnerability VCID-rp7t-x7gz-9udg
12
vulnerability VCID-sqxq-hg7v-d7gv
13
vulnerability VCID-ttb7-w41r-4kfn
14
vulnerability VCID-ukgj-45m7-6uba
15
vulnerability VCID-vju4-pghv-47bx
16
vulnerability VCID-vrtj-45t6-cqec
17
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5%3Fdistro=trixie
1
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u6%3Fdistro=trixie
2
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38sj-85gt-sfhe
1
vulnerability VCID-4mhv-7vrm-v7hv
2
vulnerability VCID-7zdy-fxq2-p7gf
3
vulnerability VCID-9grz-pkwb-3kc5
4
vulnerability VCID-a8jf-xmj8-cuh6
5
vulnerability VCID-b4hb-cxzy-suck
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-ndc5-qn5u-3qbq
9
vulnerability VCID-r186-xqyn-ffey
10
vulnerability VCID-rp7t-x7gz-9udg
11
vulnerability VCID-sqxq-hg7v-d7gv
12
vulnerability VCID-ttb7-w41r-4kfn
13
vulnerability VCID-ukgj-45m7-6uba
14
vulnerability VCID-vju4-pghv-47bx
15
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
purl pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.1~rc3-1%3Fdistro=trixie
5
url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zdy-fxq2-p7gf
1
vulnerability VCID-9grz-pkwb-3kc5
2
vulnerability VCID-dg96-zmw1-8kcp
3
vulnerability VCID-r186-xqyn-ffey
4
vulnerability VCID-sqxq-hg7v-d7gv
5
vulnerability VCID-ttb7-w41r-4kfn
6
vulnerability VCID-vju4-pghv-47bx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1%3Fdistro=trixie
6
url pkg:deb/debian/tiff@4.7.1-1?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ttb7-w41r-4kfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1%3Fdistro=trixie
7
url pkg:deb/debian/tiff@4.7.1-2?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2%3Fdistro=trixie
aliases CVE-2023-3618
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4rx-c1w4-pbb3
5
url VCID-z1vf-mhw2-ducs
vulnerability_id VCID-z1vf-mhw2-ducs
summary 
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25433
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06633
published_at 2026-04-21T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07202
published_at 2026-04-02T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07278
published_at 2026-04-13T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07209
published_at 2026-04-16T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07204
published_at 2026-04-18T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07247
published_at 2026-04-04T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07226
published_at 2026-04-07T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.0728
published_at 2026-04-08T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07307
published_at 2026-04-09T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07302
published_at 2026-04-11T12:55:00Z
10
value 0.00026
scoring_system epss
scoring_elements 0.07289
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25433
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433
3
reference_url https://gitlab.com/libtiff/libtiff/-/issues/520
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/
url https://gitlab.com/libtiff/libtiff/-/issues/520
4
reference_url https://gitlab.com/libtiff/libtiff/-/merge_requests/467
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/
url https://gitlab.com/libtiff/libtiff/-/merge_requests/467
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2218744
reference_id 2218744
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2218744
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25433
reference_id CVE-2023-25433
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-25433
7
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
8
reference_url https://access.redhat.com/errata/RHSA-2024:5079
reference_id RHSA-2024:5079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5079
9
reference_url https://usn.ubuntu.com/6229-1/
reference_id USN-6229-1
reference_type
scores
url https://usn.ubuntu.com/6229-1/
10
reference_url https://usn.ubuntu.com/6290-1/
reference_id USN-6290-1
reference_type
scores
url https://usn.ubuntu.com/6290-1/
fixed_packages
0
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hfc-b4qr-jqgk
1
vulnerability VCID-38sj-85gt-sfhe
2
vulnerability VCID-4mhv-7vrm-v7hv
3
vulnerability VCID-7zdy-fxq2-p7gf
4
vulnerability VCID-9grz-pkwb-3kc5
5
vulnerability VCID-a8jf-xmj8-cuh6
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-h9ap-xxmw-j7dr
9
vulnerability VCID-ndc5-qn5u-3qbq
10
vulnerability VCID-r186-xqyn-ffey
11
vulnerability VCID-rp7t-x7gz-9udg
12
vulnerability VCID-sqxq-hg7v-d7gv
13
vulnerability VCID-ttb7-w41r-4kfn
14
vulnerability VCID-ukgj-45m7-6uba
15
vulnerability VCID-vju4-pghv-47bx
16
vulnerability VCID-vrtj-45t6-cqec
17
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5%3Fdistro=trixie
1
url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u6%3Fdistro=trixie
2
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38sj-85gt-sfhe
1
vulnerability VCID-4mhv-7vrm-v7hv
2
vulnerability VCID-7zdy-fxq2-p7gf
3
vulnerability VCID-9grz-pkwb-3kc5
4
vulnerability VCID-a8jf-xmj8-cuh6
5
vulnerability VCID-b4hb-cxzy-suck
6
vulnerability VCID-d8kh-h6vs-gqd4
7
vulnerability VCID-dg96-zmw1-8kcp
8
vulnerability VCID-ndc5-qn5u-3qbq
9
vulnerability VCID-r186-xqyn-ffey
10
vulnerability VCID-rp7t-x7gz-9udg
11
vulnerability VCID-sqxq-hg7v-d7gv
12
vulnerability VCID-ttb7-w41r-4kfn
13
vulnerability VCID-ukgj-45m7-6uba
14
vulnerability VCID-vju4-pghv-47bx
15
vulnerability VCID-yfxw-tmnn-byc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
purl pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.1~rc3-1%3Fdistro=trixie
5
url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zdy-fxq2-p7gf
1
vulnerability VCID-9grz-pkwb-3kc5
2
vulnerability VCID-dg96-zmw1-8kcp
3
vulnerability VCID-r186-xqyn-ffey
4
vulnerability VCID-sqxq-hg7v-d7gv
5
vulnerability VCID-ttb7-w41r-4kfn
6
vulnerability VCID-vju4-pghv-47bx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1%3Fdistro=trixie
6
url pkg:deb/debian/tiff@4.7.1-1?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ttb7-w41r-4kfn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1%3Fdistro=trixie
7
url pkg:deb/debian/tiff@4.7.1-2?distro=trixie
purl pkg:deb/debian/tiff@4.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2%3Fdistro=trixie
aliases CVE-2023-25433
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1vf-mhw2-ducs
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.1~rc3-1%3Fdistro=trixie