Package Instance

reference_id

RHSA-2025:20801

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/

url

reference_url

reference_id

RHSA-2025:21994

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/

url

reference_url

reference_id

RHSA-2025:23078

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/

url

reference_url

reference_id

RHSA-2025:23079

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/

url

reference_url

reference_id

RHSA-2025:23080

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/

url

reference_url

reference_id

RHSA-2026:3461

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/

url

reference_url

reference_id

RHSA-2026:3462

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2023-52355

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8jf-xmj8-cuh6

url VCID-b4hb-cxzy-suck

vulnerability_id VCID-b4hb-cxzy-suck

summary libtiff: LibTIFF Null Pointer Dereference

references

reference_url

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-13978

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10397
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10464
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11597
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11395
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11535
published_at	2026-04-13T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11561
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11586
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11527
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11441
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14502
published_at	2026-04-24T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14469
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14397
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.145
published_at	2026-04-26T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16241
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-13978

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323
reference_id	1111323
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2386059
reference_id	2386059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2386059

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4

reference_id

2ebfffb0e8836bfb1cd7d85c059cd285c59761a4

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/649

reference_id

649

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/649

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/667

reference_id

667

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/667

reference_url

https://vuldb.com/?ctiid.318355

reference_id

?ctiid.318355

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://vuldb.com/?ctiid.318355

reference_url

https://vuldb.com/?id.318355

reference_id

?id.318355

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://vuldb.com/?id.318355

reference_url

https://vuldb.com/?submit.624562

reference_id

?submit.624562

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://vuldb.com/?submit.624562

reference_url

reference_id

www.libtiff.org

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8961.json

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2024-13978

risk_score 1.2

exploitability 0.5

weighted_severity 2.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4hb-cxzy-suck

url VCID-d8kh-h6vs-gqd4

vulnerability_id VCID-d8kh-h6vs-gqd4

summary libtiff: LibTIFF memory corruption

references

reference_url

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8961.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8961

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11003
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10888
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1102
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11017
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10964
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11065
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10844
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1083
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10966
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10989
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11966
published_at	2026-04-29T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12065
published_at	2026-04-26T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12099
published_at	2026-04-24T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12119
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8961

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111317
reference_id	1111317
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111317

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2388541
reference_id	2388541
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2388541

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/721

reference_id

721

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/721

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960

reference_id

721#note_2670686960

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960

reference_url

https://vuldb.com/?ctiid.319955

reference_id

?ctiid.319955

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/

url

https://vuldb.com/?ctiid.319955

reference_url

https://vuldb.com/?id.319955

reference_id

?id.319955

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/

url

https://vuldb.com/?id.319955

reference_url

https://vuldb.com/?submit.627957

reference_id

?submit.627957

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/

url

https://vuldb.com/?submit.627957

reference_url	https://usn.ubuntu.com/7783-1/
reference_id	USN-7783-1
reference_type
scores
url	https://usn.ubuntu.com/7783-1/

reference_url

https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/

url

https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing

reference_url

reference_id

www.libtiff.org

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8534.json

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2025-8961

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8kh-h6vs-gqd4

url VCID-dg96-zmw1-8kcp

vulnerability_id VCID-dg96-zmw1-8kcp

summary libtiff: Libtiff Null Pointer Dereference Vulnerability

references

reference_url

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8534.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8534

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09317
published_at	2026-04-02T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09367
published_at	2026-04-04T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09354
published_at	2026-04-08T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09278
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10475
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10445
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1025
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10279
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10408
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10431
published_at	2026-04-12T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13195
published_at	2026-04-26T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1322
published_at	2026-04-21T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13091
published_at	2026-04-29T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13225
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2386450
reference_id	2386450
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2386450

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b

reference_id

6ba36f159fd396ad11bf6b7874554197736ecc8b

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/718

reference_id

718

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/718

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/746

reference_id

746

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/746

reference_url

https://vuldb.com/?ctiid.318664

reference_id

?ctiid.318664

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://vuldb.com/?ctiid.318664

reference_url

https://vuldb.com/?id.318664

reference_id

?id.318664

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://vuldb.com/?id.318664

reference_url

https://vuldb.com/?submit.617831

reference_id

?submit.617831

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://vuldb.com/?submit.617831

reference_url	https://usn.ubuntu.com/7707-1/
reference_id	USN-7707-1
reference_type
scores
url	https://usn.ubuntu.com/7707-1/

reference_url

https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link

reference_id

view?usp=drive_link

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link

reference_url

reference_id

www.libtiff.org

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1056.json

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
purl	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2

url	pkg:deb/debian/tiff@4.7.1-1
purl	pkg:deb/debian/tiff@4.7.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1

url	pkg:deb/debian/tiff@4.7.1-2
purl	pkg:deb/debian/tiff@4.7.1-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2

aliases CVE-2025-8534

risk_score 1.1

exploitability 0.5

weighted_severity 2.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dg96-zmw1-8kcp

url VCID-h9ap-xxmw-j7dr

vulnerability_id VCID-h9ap-xxmw-j7dr

summary Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1056.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1056

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17272
published_at	2026-04-01T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.1744
published_at	2026-04-02T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17486
published_at	2026-04-04T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17266
published_at	2026-04-07T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17357
published_at	2026-04-08T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17417
published_at	2026-04-09T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17429
published_at	2026-04-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17381
published_at	2026-04-12T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17327
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23037
published_at	2026-04-21T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23084
published_at	2026-04-16T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23077
published_at	2026-04-18T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22859
published_at	2026-04-29T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22869
published_at	2026-04-24T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22864
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/391
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/391

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/307
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/307

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2233599
reference_id	2233599
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2233599

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1056
reference_id	CVE-2022-1056
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1056

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json
reference_id	CVE-2022-1056.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2022-1056

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h9ap-xxmw-j7dr

url VCID-k8kt-55y9-qyac

vulnerability_id VCID-k8kt-55y9-qyac

summary

NULL Pointer Dereference
A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2908

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.0239
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02294
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02289
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02305
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02307
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02321
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02339
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02317
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02318
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02314
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02312
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02369
published_at	2026-04-24T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02838
published_at	2026-04-29T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0278
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2908

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2218830

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2218830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/479

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/479

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-2908

reference_id

CVE-2023-2908

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://access.redhat.com/security/cve/CVE-2023-2908

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-2908
reference_id	CVE-2023-2908
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-2908

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url

https://security.netapp.com/advisory/ntap-20230731-0004/

reference_id

ntap-20230731-0004

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/

url

https://security.netapp.com/advisory/ntap-20230731-0004/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-2908

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8kt-55y9-qyac

url VCID-n3ta-dm1y-gya5

vulnerability_id VCID-n3ta-dm1y-gya5

summary libtiff: Libtiff Write-What-Where

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9900

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.1073
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10838
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10767
published_at	2026-04-26T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10784
published_at	2026-04-24T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10695
published_at	2026-04-18T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10679
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10819
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10844
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10876
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10863
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10902
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10806
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11566
published_at	2026-04-29T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12031
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2392784

reference_id

2392784

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2392784

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/704

reference_id

704

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/704

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/732

reference_id

732

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/732

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9
reference_id	cpe:/a:redhat:ai_inference_server:3.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
reference_id	cpe:/a:redhat:discovery:2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
reference_id	cpe:/a:redhat:enterprise_linux:8::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id	cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb
reference_id	cpe:/a:redhat:rhel_eus:9.4::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1
reference_id	cpe:/o:redhat:enterprise_linux:10.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url

https://access.redhat.com/security/cve/CVE-2025-9900

reference_id

CVE-2025-9900

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/security/cve/CVE-2025-9900

reference_url

https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file

reference_id

LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file

reference_url

https://access.redhat.com/errata/RHSA-2025:17651

reference_id

RHSA-2025:17651

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17651

reference_url

https://access.redhat.com/errata/RHSA-2025:17675

reference_id

RHSA-2025:17675

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17675

reference_url

https://access.redhat.com/errata/RHSA-2025:17710

reference_id

RHSA-2025:17710

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17710

reference_url

https://access.redhat.com/errata/RHSA-2025:17738

reference_id

RHSA-2025:17738

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17738

reference_url

https://access.redhat.com/errata/RHSA-2025:17739

reference_id

RHSA-2025:17739

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17739

reference_url

https://access.redhat.com/errata/RHSA-2025:17740

reference_id

RHSA-2025:17740

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:17740

reference_url

https://access.redhat.com/errata/RHSA-2025:19113

reference_id

RHSA-2025:19113

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19113

reference_url

https://access.redhat.com/errata/RHSA-2025:19156

reference_id

RHSA-2025:19156

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19156

reference_url

https://access.redhat.com/errata/RHSA-2025:19276

reference_id

RHSA-2025:19276

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19276

reference_url

https://access.redhat.com/errata/RHSA-2025:19906

reference_id

RHSA-2025:19906

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19906

reference_url

https://access.redhat.com/errata/RHSA-2025:19947

reference_id

RHSA-2025:19947

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:19947

reference_url

https://access.redhat.com/errata/RHSA-2025:20956

reference_id

RHSA-2025:20956

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:20956

reference_url

https://access.redhat.com/errata/RHSA-2025:20998

reference_id

RHSA-2025:20998

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:20998

reference_url

https://access.redhat.com/errata/RHSA-2025:21060

reference_id

RHSA-2025:21060

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21060

reference_url

https://access.redhat.com/errata/RHSA-2025:21061

reference_id

RHSA-2025:21061

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21061

reference_url

https://access.redhat.com/errata/RHSA-2025:21062

reference_id

RHSA-2025:21062

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21062

reference_url

https://access.redhat.com/errata/RHSA-2025:21407

reference_id

RHSA-2025:21407

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21407

reference_url

https://access.redhat.com/errata/RHSA-2025:21506

reference_id

RHSA-2025:21506

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21506

reference_url

https://access.redhat.com/errata/RHSA-2025:21507

reference_id

RHSA-2025:21507

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21507

reference_url

https://access.redhat.com/errata/RHSA-2025:21508

reference_id

RHSA-2025:21508

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2025:21508

reference_url

reference_id

RHSA-2025:21994

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2025:23078

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2025:23079

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2025:23080

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0001

reference_url

reference_id

RHSA-2026:0001

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0001

reference_url

https://access.redhat.com/errata/RHSA-2026:0076

reference_id

RHSA-2026:0076

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0076

reference_url

https://access.redhat.com/errata/RHSA-2026:0077

reference_id

RHSA-2026:0077

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0077

reference_url

https://access.redhat.com/errata/RHSA-2026:0078

reference_id

RHSA-2026:0078

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:0078

reference_url

reference_id

RHSA-2026:3461

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

reference_url

reference_id

RHSA-2026:3462

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:7504

reference_url

reference_id

RHSA-2026:7504

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://access.redhat.com/errata/RHSA-2026:7504

reference_url	https://usn.ubuntu.com/7783-1/
reference_id	USN-7783-1
reference_type
scores
url	https://usn.ubuntu.com/7783-1/

reference_url

https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html

reference_id

v4.7.1.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/

url

https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2025-9900

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3ta-dm1y-gya5

url VCID-ndc5-qn5u-3qbq

vulnerability_id VCID-ndc5-qn5u-3qbq

summary libtiff: LibTIFF Stack-based buffer overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8851.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8851.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8851

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05247
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05338
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05305
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05316
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05328
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05279
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0536
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05304
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05747
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05964
published_at	2026-04-26T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05928
published_at	2026-04-24T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.059
published_at	2026-04-21T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05755
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07328
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8851

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8851
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8851

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2387618
reference_id	2387618
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2387618

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3

reference_id

8a7a48d7a645992ca83062b3a1873c951661e2b3

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3

reference_url

https://vuldb.com/?ctiid.319382

reference_id

?ctiid.319382

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/

url

https://vuldb.com/?ctiid.319382

reference_url

https://vuldb.com/?id.319382

reference_id

?id.319382

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/

url

https://vuldb.com/?id.319382

reference_url

https://vuldb.com/?submit.624604

reference_id

?submit.624604

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/

url

https://vuldb.com/?submit.624604

reference_url	https://usn.ubuntu.com/7707-1/
reference_id	USN-7707-1
reference_type
scores
url	https://usn.ubuntu.com/7707-1/

reference_url

reference_id

www.libtiff.org

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2025-8851

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndc5-qn5u-3qbq

url VCID-ndwc-beev-43ck

vulnerability_id VCID-ndwc-beev-43ck

summary

Out-of-bounds Write
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26965

reference_id

reference_type

scores

value	8e-05
scoring_system	epss
scoring_elements	0.00733
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00736
published_at	2026-04-07T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0073
published_at	2026-04-04T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00735
published_at	2026-04-08T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00726
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00796
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.008
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00795
published_at	2026-04-16T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00844
published_at	2026-04-29T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00801
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00846
published_at	2026-04-24T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00845
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/472

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/472

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2215206
reference_id	2215206
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2215206

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-26965
reference_id	CVE-2023-26965
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-26965

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url

https://security.netapp.com/advisory/ntap-20230706-0009/

reference_id

ntap-20230706-0009

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/

url

https://security.netapp.com/advisory/ntap-20230706-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:6575
reference_id	RHSA-2023:6575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6575

reference_url	https://usn.ubuntu.com/6229-1/
reference_id	USN-6229-1
reference_type
scores
url	https://usn.ubuntu.com/6229-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-26965

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwc-beev-43ck

url VCID-r186-xqyn-ffey

vulnerability_id VCID-r186-xqyn-ffey

summary libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61143.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61143.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61143

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02099
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02134
published_at	2026-04-29T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02081
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02077
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02051
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02065
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02149
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02115
published_at	2026-04-24T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02108
published_at	2026-04-26T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02106
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02101
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02102
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0212
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02096
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61143

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61143
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61143

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2441978
reference_id	2441978
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2441978

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/737

reference_id

737

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/737

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/755

reference_id

755

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/755

reference_url

https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa

reference_id

9c024cd8e7b131463b84dc60af9bb0aa

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/

url

https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa

reference_url	https://access.redhat.com/errata/RHSA-2026:7504
reference_id	RHSA-2026:7504
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7504

reference_url	https://usn.ubuntu.com/8113-1/
reference_id	USN-8113-1
reference_type
scores
url	https://usn.ubuntu.com/8113-1/

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
purl	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2

url	pkg:deb/debian/tiff@4.7.1-1
purl	pkg:deb/debian/tiff@4.7.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1

url	pkg:deb/debian/tiff@4.7.1-2
purl	pkg:deb/debian/tiff@4.7.1-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2

aliases CVE-2025-61143

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r186-xqyn-ffey

url VCID-rp7t-x7gz-9udg

vulnerability_id VCID-rp7t-x7gz-9udg

summary libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6228.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6228.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6228

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03369
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03381
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03398
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03401
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03423
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03382
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03355
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03332
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03307
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03318
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03435
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0342
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03426
published_at	2026-04-26T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03471
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6228

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2240995
reference_id	2240995
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2240995

reference_url	https://access.redhat.com/errata/RHSA-2024:2289
reference_id	RHSA-2024:2289
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2289

reference_url	https://access.redhat.com/errata/RHSA-2024:5079
reference_id	RHSA-2024:5079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5079

reference_url	https://usn.ubuntu.com/6644-1/
reference_id	USN-6644-1
reference_type
scores
url	https://usn.ubuntu.com/6644-1/

reference_url	https://usn.ubuntu.com/6644-2/
reference_id	USN-6644-2
reference_type
scores
url	https://usn.ubuntu.com/6644-2/

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2023-6228

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rp7t-x7gz-9udg

url VCID-sqxq-hg7v-d7gv

vulnerability_id VCID-sqxq-hg7v-d7gv

summary libtiff: LibTIFF Buffer Overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8177.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8177.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8177

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05168
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05196
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0527
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05251
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05219
published_at	2026-04-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.065
published_at	2026-04-11T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06428
published_at	2026-04-18T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06418
published_at	2026-04-16T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06482
published_at	2026-04-13T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06493
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07471
published_at	2026-04-24T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07513
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07429
published_at	2026-04-29T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07461
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8177

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8177
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8177

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2383608
reference_id	2383608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2383608

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/715

reference_id

715

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/715

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/737

reference_id

737

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/737

reference_url

https://vuldb.com/?ctiid.317591

reference_id

?ctiid.317591

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/

url

https://vuldb.com/?ctiid.317591

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22

reference_id

e8c9d6c616b19438695fd829e58ae4fde5bfbc22

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22

reference_url

https://vuldb.com/?id.317591

reference_id

?id.317591

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/

url

https://vuldb.com/?id.317591

reference_url	https://access.redhat.com/errata/RHSA-2025:21407
reference_id	RHSA-2025:21407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21407

reference_url

https://vuldb.com/?submit.621797

reference_id

?submit.621797

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/

url

https://vuldb.com/?submit.621797

reference_url	https://usn.ubuntu.com/7707-1/
reference_id	USN-7707-1
reference_type
scores
url	https://usn.ubuntu.com/7707-1/

reference_url

reference_id

www.libtiff.org

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
purl	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2

url	pkg:deb/debian/tiff@4.7.1-2
purl	pkg:deb/debian/tiff@4.7.1-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2

aliases CVE-2025-8177

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqxq-hg7v-d7gv

url VCID-ttb7-w41r-4kfn

vulnerability_id VCID-ttb7-w41r-4kfn

summary libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4775

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09462
published_at	2026-04-21T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10702
published_at	2026-04-24T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11774
published_at	2026-04-29T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1186
published_at	2026-04-26T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23888
published_at	2026-04-13T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23898
published_at	2026-04-16T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23945
published_at	2026-04-12T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.24077
published_at	2026-04-04T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23859
published_at	2026-04-07T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23926
published_at	2026-04-08T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23972
published_at	2026-04-09T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23989
published_at	2026-04-11T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.24038
published_at	2026-04-02T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26266
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632
reference_id	1132632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2450768

reference_id

2450768

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2450768

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1
reference_id	cpe:/o:redhat:enterprise_linux:10.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2026-4775

reference_id

CVE-2026-4775

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/

url

https://access.redhat.com/security/cve/CVE-2026-4775

reference_url

https://access.redhat.com/errata/RHSA-2026:12265

reference_id

RHSA-2026:12265

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/

url

https://access.redhat.com/errata/RHSA-2026:12265

reference_url	https://access.redhat.com/errata/RHSA-2026:12271
reference_id	RHSA-2026:12271
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:12271

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
purl	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2

url	pkg:deb/debian/tiff@4.7.1-2
purl	pkg:deb/debian/tiff@4.7.1-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2

aliases CVE-2026-4775

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb7-w41r-4kfn

url VCID-ua38-ur2u-eues

vulnerability_id VCID-ua38-ur2u-eues

summary

Out-of-bounds Write
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-52356

reference_id

reference_type

scores

value	0.00616
scoring_system	epss
scoring_elements	0.69868
published_at	2026-04-02T12:55:00Z

value	0.00717
scoring_system	epss
scoring_elements	0.72436
published_at	2026-04-18T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72848
published_at	2026-04-11T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72831
published_at	2026-04-12T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72823
published_at	2026-04-13T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72864
published_at	2026-04-16T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72771
published_at	2026-04-07T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72795
published_at	2026-04-04T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72915
published_at	2026-04-29T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72917
published_at	2026-04-26T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72824
published_at	2026-04-09T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.7281
published_at	2026-04-08T12:55:00Z

value	0.00849
scoring_system	epss
scoring_elements	0.74932
published_at	2026-04-24T12:55:00Z

value	0.00849
scoring_system	epss
scoring_elements	0.74896
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-52356

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251344

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251344

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/622

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/622

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/546

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/546

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524
reference_id	1061524
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9
reference_id	cpe:/a:redhat:ai_inference_server:3.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9
reference_id	cpe:/a:redhat:ai_inference_server:3.3::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
reference_id	cpe:/a:redhat:discovery:2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
reference_id	cpe:/a:redhat:enterprise_linux:8::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id	cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb
reference_id	cpe:/a:redhat:rhel_eus:9.6::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1
reference_id	cpe:/o:redhat:enterprise_linux:10.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0
reference_id	cpe:/o:redhat:enterprise_linux_eus:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0

reference_url

https://access.redhat.com/security/cve/CVE-2023-52356

reference_id

CVE-2023-52356

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/security/cve/CVE-2023-52356

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52356
reference_id	CVE-2023-52356
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52356

reference_url

https://access.redhat.com/errata/RHSA-2024:5079

reference_id

RHSA-2024:5079

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2024:5079

reference_url

reference_id

RHSA-2025:20801

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2025:21994

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2025:23078

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2025:23079

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2025:23080

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2026:3461

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

reference_url

reference_id

RHSA-2026:3462

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:5958

reference_url

reference_id

RHSA-2026:5958

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:5958

reference_url

https://access.redhat.com/errata/RHSA-2026:7081

reference_id

RHSA-2026:7081

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:7081

reference_url

https://access.redhat.com/errata/RHSA-2026:7304

reference_id

RHSA-2026:7304

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:7304

reference_url

https://access.redhat.com/errata/RHSA-2026:7335

reference_id

RHSA-2026:7335

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:7335

reference_url

https://access.redhat.com/errata/RHSA-2026:8746

reference_id

RHSA-2026:8746

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:8746

reference_url

https://access.redhat.com/errata/RHSA-2026:8747

reference_id

RHSA-2026:8747

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:8747

reference_url

https://access.redhat.com/errata/RHSA-2026:8748

reference_id

RHSA-2026:8748

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/

url

https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://usn.ubuntu.com/6644-1/
reference_id	USN-6644-1
reference_type
scores
url	https://usn.ubuntu.com/6644-1/

reference_url	https://usn.ubuntu.com/6644-2/
reference_id	USN-6644-2
reference_type
scores
url	https://usn.ubuntu.com/6644-2/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-52356

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ua38-ur2u-eues

url VCID-ukgj-45m7-6uba

vulnerability_id VCID-ukgj-45m7-6uba

summary libtiff: Out-of-memory in TIFFOpen via a craft file

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6277.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6277.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6277

reference_id

reference_type

scores

value	0.0375
scoring_system	epss
scoring_elements	0.88062
published_at	2026-04-29T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.87979
published_at	2026-04-02T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.88025
published_at	2026-04-09T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.88035
published_at	2026-04-11T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.88028
published_at	2026-04-13T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.88041
published_at	2026-04-16T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.8804
published_at	2026-04-18T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.88039
published_at	2026-04-21T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.88057
published_at	2026-04-24T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.87993
published_at	2026-04-04T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.87998
published_at	2026-04-07T12:55:00Z

value	0.0375
scoring_system	epss
scoring_elements	0.88019
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6277

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6277
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6277

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056751
reference_id	1056751
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056751

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251311

reference_id

2251311

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251311

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/545

reference_id

545

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/545

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/614

reference_id

614

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/614

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-6277

reference_id

CVE-2023-6277

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/

url

https://access.redhat.com/security/cve/CVE-2023-6277

reference_url	https://usn.ubuntu.com/6644-1/
reference_id	USN-6644-1
reference_type
scores
url	https://usn.ubuntu.com/6644-1/

reference_url	https://usn.ubuntu.com/6644-2/
reference_id	USN-6644-2
reference_type
scores
url	https://usn.ubuntu.com/6644-2/

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2023-6277

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukgj-45m7-6uba

url VCID-v4rx-c1w4-pbb3

vulnerability_id VCID-v4rx-c1w4-pbb3

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3618

reference_id

reference_type

scores

value	0.00215
scoring_system	epss
scoring_elements	0.43835
published_at	2026-04-29T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44003
published_at	2026-04-02T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44026
published_at	2026-04-04T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43957
published_at	2026-04-07T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44008
published_at	2026-04-08T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.4401
published_at	2026-04-09T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44025
published_at	2026-04-11T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43993
published_at	2026-04-12T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43977
published_at	2026-04-13T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44039
published_at	2026-04-16T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.4403
published_at	2026-04-18T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43964
published_at	2026-04-21T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43916
published_at	2026-04-24T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.4392
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3618

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2215865

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2215865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945
reference_id	1040945
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-3618

reference_id

CVE-2023-3618

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://access.redhat.com/security/cve/CVE-2023-3618

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-3618
reference_id	CVE-2023-3618
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-3618

reference_url

https://support.apple.com/kb/HT214036

reference_id

HT214036

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://support.apple.com/kb/HT214036

reference_url

https://support.apple.com/kb/HT214037

reference_id

HT214037

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://support.apple.com/kb/HT214037

reference_url

https://support.apple.com/kb/HT214038

reference_id

HT214038

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://support.apple.com/kb/HT214038

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url

https://security.netapp.com/advisory/ntap-20230824-0012/

reference_id

ntap-20230824-0012

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/

url

https://security.netapp.com/advisory/ntap-20230824-0012/

reference_url	https://access.redhat.com/errata/RHSA-2024:2289
reference_id	RHSA-2024:2289
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2289

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-3618

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4rx-c1w4-pbb3

url VCID-vju4-pghv-47bx

vulnerability_id VCID-vju4-pghv-47bx

summary libtiff: LibTIFF Use-After-Free Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8176.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-8176

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04648
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04672
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04732
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0472
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04686
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06044
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06001
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05993
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06027
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06035
published_at	2026-04-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06901
published_at	2026-04-24T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06918
published_at	2026-04-21T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06895
published_at	2026-04-29T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06924
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-8176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8176

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2383598
reference_id	2383598
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2383598

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/707

reference_id

707

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/707

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/727

reference_id

727

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/727

reference_url

https://vuldb.com/?ctiid.317590

reference_id

?ctiid.317590

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/

url

https://vuldb.com/?ctiid.317590

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172

reference_id

fe10872e53efba9cc36c66ac4ab3b41a839d5172

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172

reference_url

https://vuldb.com/?id.317590

reference_id

?id.317590

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/

url

https://vuldb.com/?id.317590

reference_url	https://access.redhat.com/errata/RHSA-2025:19113
reference_id	RHSA-2025:19113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19113

reference_url	https://access.redhat.com/errata/RHSA-2025:19906
reference_id	RHSA-2025:19906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19906

reference_url	https://access.redhat.com/errata/RHSA-2025:20034
reference_id	RHSA-2025:20034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:20034

reference_url	https://access.redhat.com/errata/RHSA-2025:20956
reference_id	RHSA-2025:20956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:20956

reference_url	https://access.redhat.com/errata/RHSA-2025:21407
reference_id	RHSA-2025:21407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21407

reference_url	https://access.redhat.com/errata/RHSA-2025:21507
reference_id	RHSA-2025:21507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21507

reference_url	https://access.redhat.com/errata/RHSA-2025:21508
reference_id	RHSA-2025:21508
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21508

reference_url	https://access.redhat.com/errata/RHSA-2025:21994
reference_id	RHSA-2025:21994
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21994

reference_url	https://access.redhat.com/errata/RHSA-2025:23078
reference_id	RHSA-2025:23078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23078

reference_url	https://access.redhat.com/errata/RHSA-2025:23079
reference_id	RHSA-2025:23079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23079

reference_url	https://access.redhat.com/errata/RHSA-2025:23080
reference_id	RHSA-2025:23080
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23080

reference_url	https://access.redhat.com/errata/RHSA-2026:0001
reference_id	RHSA-2026:0001
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0001

reference_url	https://access.redhat.com/errata/RHSA-2026:0076
reference_id	RHSA-2026:0076
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0076

reference_url	https://access.redhat.com/errata/RHSA-2026:0077
reference_id	RHSA-2026:0077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0077

reference_url	https://access.redhat.com/errata/RHSA-2026:0078
reference_id	RHSA-2026:0078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0078

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url

https://vuldb.com/?submit.621796

reference_id

?submit.621796

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/

url

https://vuldb.com/?submit.621796

reference_url	https://usn.ubuntu.com/7707-1/
reference_id	USN-7707-1
reference_type
scores
url	https://usn.ubuntu.com/7707-1/

reference_url

reference_id

www.libtiff.org

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30775.json

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
purl	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2

url	pkg:deb/debian/tiff@4.7.1-2
purl	pkg:deb/debian/tiff@4.7.1-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2

aliases CVE-2025-8176

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vju4-pghv-47bx

url VCID-vrtj-45t6-cqec

vulnerability_id VCID-vrtj-45t6-cqec

summary

Out-of-bounds Write
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.

references

reference_url

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30775.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30775

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.1942
published_at	2026-04-29T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19563
published_at	2026-04-18T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19575
published_at	2026-04-21T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.1947
published_at	2026-04-24T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19458
published_at	2026-04-26T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23223
published_at	2026-04-13T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23346
published_at	2026-04-02T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.2324
published_at	2026-04-16T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23385
published_at	2026-04-04T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23174
published_at	2026-04-07T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23247
published_at	2026-04-08T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23297
published_at	2026-04-09T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23319
published_at	2026-04-11T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23281
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30775

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2187141

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2187141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30775

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/464

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/464

reference_url

https://access.redhat.com/security/cve/CVE-2023-30775

reference_id

CVE-2023-30775

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/

url

https://access.redhat.com/security/cve/CVE-2023-30775

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-30775
reference_id	CVE-2023-30775
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-30775

reference_url

https://security.netapp.com/advisory/ntap-20230703-0002/

reference_id

ntap-20230703-0002

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/

url

https://security.netapp.com/advisory/ntap-20230703-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-30775

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrtj-45t6-cqec

url VCID-yfxw-tmnn-byc6

vulnerability_id VCID-yfxw-tmnn-byc6

summary libtiff: LibTIFF memory leak

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9165.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9165.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9165

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.0838
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08426
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08437
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08277
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08294
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08401
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08416
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08436
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08443
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08356
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08433
published_at	2026-04-04T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09179
published_at	2026-04-29T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09261
published_at	2026-04-24T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09204
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9165

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111878
reference_id	1111878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2389574
reference_id	2389574
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2389574

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/728

reference_id

728

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/728

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/747

reference_id

747

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/747

reference_url

https://vuldb.com/?ctiid.320543

reference_id

?ctiid.320543

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://vuldb.com/?ctiid.320543

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0

reference_id

ed141286a37f6e5ddafb5069347ff5d587e7a4e0

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0

reference_url

https://vuldb.com/?id.320543

reference_id

?id.320543

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://vuldb.com/?id.320543

reference_url

https://vuldb.com/?submit.630506

reference_id

?submit.630506

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://vuldb.com/?submit.630506

reference_url

https://vuldb.com/?submit.630507

reference_id

?submit.630507

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://vuldb.com/?submit.630507

reference_url	https://usn.ubuntu.com/7783-1/
reference_id	USN-7783-1
reference_type
scores
url	https://usn.ubuntu.com/7783-1/

reference_url

https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing

reference_url

reference_id

www.libtiff.org

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json

fixed_packages

url	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
purl	pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4

url pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

purl pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-vju4-pghv-47bx

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1

aliases CVE-2025-9165

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfxw-tmnn-byc6

url VCID-z1vf-mhw2-ducs

vulnerability_id VCID-z1vf-mhw2-ducs

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25433

reference_id

reference_type

scores

value	0.00024
scoring_system	epss
scoring_elements	0.06633
published_at	2026-04-21T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06643
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07226
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0728
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07307
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07302
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07202
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07247
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07289
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07209
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07204
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0761
published_at	2026-04-29T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07641
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25433

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/520

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/520

reference_url

https://gitlab.com/libtiff/libtiff/-/merge_requests/467

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/

url

https://gitlab.com/libtiff/libtiff/-/merge_requests/467

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2218744
reference_id	2218744
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2218744

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-25433
reference_id	CVE-2023-25433
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-25433

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

reference_url	https://access.redhat.com/errata/RHSA-2024:5079
reference_id	RHSA-2024:5079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5079

reference_url	https://usn.ubuntu.com/6229-1/
reference_id	USN-6229-1
reference_type
scores
url	https://usn.ubuntu.com/6229-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-yfxw-tmnn-byc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3

aliases CVE-2023-25433

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1vf-mhw2-ducs

Fixing_vulnerabilities

url VCID-15g8-3ryu-h3ga

vulnerability_id VCID-15g8-3ryu-h3ga

summary

Integer Overflow or Wraparound
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41175.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41175.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-41175

reference_id

reference_type

scores

value	0.00282
scoring_system	epss
scoring_elements	0.51572
published_at	2026-04-29T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51675
published_at	2026-04-18T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51655
published_at	2026-04-21T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51606
published_at	2026-04-24T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51612
published_at	2026-04-26T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56787
published_at	2026-04-04T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56816
published_at	2026-04-08T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.5682
published_at	2026-04-09T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56828
published_at	2026-04-11T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56805
published_at	2026-04-12T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56784
published_at	2026-04-13T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56815
published_at	2026-04-16T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56767
published_at	2026-04-02T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56764
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-41175

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2235264

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2235264

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id	cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url

https://access.redhat.com/security/cve/CVE-2023-41175

reference_id

CVE-2023-41175

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/

url

https://access.redhat.com/security/cve/CVE-2023-41175

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-41175
reference_id	CVE-2023-41175
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-41175

reference_url

https://access.redhat.com/errata/RHSA-2024:2289

reference_id

RHSA-2024:2289

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/

url

https://access.redhat.com/errata/RHSA-2024:2289

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-41175

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-15g8-3ryu-h3ga

url VCID-1mh3-q3y5-qyg1

vulnerability_id VCID-1mh3-q3y5-qyg1

summary

Out-of-bounds Read
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1622

reference_id

reference_type

scores

value	0.00104
scoring_system	epss
scoring_elements	0.28448
published_at	2026-04-01T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28028
published_at	2026-04-29T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28219
published_at	2026-04-24T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28107
published_at	2026-04-26T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28542
published_at	2026-04-02T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28585
published_at	2026-04-04T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28387
published_at	2026-04-07T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28453
published_at	2026-04-08T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28495
published_at	2026-04-09T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28497
published_at	2026-04-11T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28454
published_at	2026-04-12T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28405
published_at	2026-04-13T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.2842
published_at	2026-04-16T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28398
published_at	2026-04-18T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28345
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/410
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/410

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2084269
reference_id	2084269
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2084269

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1622
reference_id	CVE-2022-1622
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1622

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json
reference_id	CVE-2022-1622.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1622

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mh3-q3y5-qyg1

url VCID-25fx-7kmb-fqhm

vulnerability_id VCID-25fx-7kmb-fqhm

summary Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0924

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.17922
published_at	2026-04-29T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18128
published_at	2026-04-13T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18072
published_at	2026-04-16T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18084
published_at	2026-04-18T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18116
published_at	2026-04-21T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18023
published_at	2026-04-24T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17999
published_at	2026-04-26T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18082
published_at	2026-04-07T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18166
published_at	2026-04-08T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18222
published_at	2026-04-09T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18226
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18179
published_at	2026-04-12T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24564
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24601
published_at	2026-04-04T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24438
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/278
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/278

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/311
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/311

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064148
reference_id	2064148
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064148

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0924
reference_id	CVE-2022-0924
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0924

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json
reference_id	CVE-2022-0924.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0924

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm

url VCID-2u8w-cy3j-9fen

vulnerability_id VCID-2u8w-cy3j-9fen

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0800

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07302
published_at	2026-04-29T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07329
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/496

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/496

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170167
reference_id	2170167
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170167

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0800
reference_id	CVE-2023-0800
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0800

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json

reference_id

CVE-2023-0800.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0800

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8w-cy3j-9fen

url VCID-3wfj-nc9t-xfgp

vulnerability_id VCID-3wfj-nc9t-xfgp

summary

Integer Overflow or Wraparound
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40745

reference_id

reference_type

scores

value	0.00281
scoring_system	epss
scoring_elements	0.51401
published_at	2026-04-29T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51503
published_at	2026-04-18T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51481
published_at	2026-04-21T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51434
published_at	2026-04-24T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.5144
published_at	2026-04-26T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56696
published_at	2026-04-11T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56671
published_at	2026-04-12T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.5665
published_at	2026-04-13T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56681
published_at	2026-04-16T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56688
published_at	2026-04-09T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56632
published_at	2026-04-07T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56653
published_at	2026-04-04T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56683
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40745

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2235265
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2235265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://access.redhat.com/security/cve/CVE-2023-40745
reference_id	CVE-2023-40745
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-40745

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-40745
reference_id	CVE-2023-40745
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-40745

reference_url	https://access.redhat.com/errata/RHSA-2024:2289
reference_id	RHSA-2024:2289
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2289

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-40745

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wfj-nc9t-xfgp

url VCID-44ee-ueju-ykae

vulnerability_id VCID-44ee-ueju-ykae

summary libtiff: division by zero issues in tiffcrop

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2057

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25652
published_at	2026-04-29T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2579
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25763
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25707
published_at	2026-04-24T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25699
published_at	2026-04-26T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25771
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25841
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25893
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25904
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25862
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25805
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25808
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27786
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/427
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/427

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494
reference_id	1014494
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222
reference_id	2103222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2057
reference_id	CVE-2022-2057
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2057

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json
reference_id	CVE-2022-2057.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2057

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44ee-ueju-ykae

url VCID-44zu-mtmq-57cm

vulnerability_id VCID-44zu-mtmq-57cm

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0801

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07302
published_at	2026-04-29T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07329
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/498

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/498

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170172
reference_id	2170172
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170172

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0801
reference_id	CVE-2023-0801
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0801

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json

reference_id

CVE-2023-0801.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0801

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44zu-mtmq-57cm

url VCID-48tr-y71p-7fbb

vulnerability_id VCID-48tr-y71p-7fbb

summary libtiff: Assertion fail in rotateImage() function at tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2520

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.17852
published_at	2026-04-29T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17911
published_at	2026-04-24T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17887
published_at	2026-04-26T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18202
published_at	2026-04-02T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18256
published_at	2026-04-04T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17957
published_at	2026-04-07T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18043
published_at	2026-04-08T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18104
published_at	2026-04-09T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18113
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.1807
published_at	2026-04-12T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.1802
published_at	2026-04-13T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17962
published_at	2026-04-16T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17973
published_at	2026-04-18T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18005
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/424
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/424

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122792
reference_id	2122792
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122792

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2520
reference_id	CVE-2022-2520
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2520

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2520

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48tr-y71p-7fbb

url VCID-4egk-vvjq-dyhw

vulnerability_id VCID-4egk-vvjq-dyhw

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0795

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02067
published_at	2026-04-29T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02044
published_at	2026-04-24T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02039
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/493

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/493

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170119
reference_id	2170119
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170119

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0795
reference_id	CVE-2023-0795
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0795

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json

reference_id

CVE-2023-0795.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0795

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4egk-vvjq-dyhw

url VCID-4mq7-s2p6-yufr

vulnerability_id VCID-4mq7-s2p6-yufr

summary Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0907

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.42924
published_at	2026-04-01T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.4282
published_at	2026-04-29T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42969
published_at	2026-04-21T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42901
published_at	2026-04-24T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42902
published_at	2026-04-26T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42988
published_at	2026-04-02T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43015
published_at	2026-04-04T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42952
published_at	2026-04-07T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43002
published_at	2026-04-12T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43014
published_at	2026-04-09T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43036
published_at	2026-04-11T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42985
published_at	2026-04-13T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43045
published_at	2026-04-16T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.43033
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/392
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/392

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/314
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/314

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064143
reference_id	2064143
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064143

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0907
reference_id	CVE-2022-0907
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0907

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json
reference_id	CVE-2022-0907.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0907

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr

url VCID-4pys-mah6-hfh6

vulnerability_id VCID-4pys-mah6-hfh6

summary

Use After Free
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0799

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02715
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02852
published_at	2026-04-29T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0273
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02737
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0274
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0276
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02731
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02712
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02692
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02702
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02816
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02806
published_at	2026-04-24T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02794
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/494

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/494

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170162
reference_id	2170162
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170162

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0799
reference_id	CVE-2023-0799
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0799

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json

reference_id

CVE-2023-0799.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0799

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pys-mah6-hfh6

url VCID-4srx-3gbk-eqd3

vulnerability_id VCID-4srx-3gbk-eqd3

summary libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3626

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10954
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10876
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11009
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11006
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10952
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10977
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11479
published_at	2026-04-29T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11505
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11509
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11632
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11588
published_at	2026-04-24T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11548
published_at	2026-04-26T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12237
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12191
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142741
reference_id	2142741
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142741

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_id

236b7191f04c60d09ee836ae13b50f812c841047

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/426

reference_id

426

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/426

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3626
reference_id	CVE-2022-3626
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3626

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json

reference_id

CVE-2022-3626.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3626

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4srx-3gbk-eqd3

url VCID-5mak-1mkk-wkdg

vulnerability_id VCID-5mak-1mkk-wkdg

summary

NULL Pointer Dereference
Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0561

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18283
published_at	2026-04-29T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18461
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18404
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18418
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1844
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18342
published_at	2026-04-24T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18326
published_at	2026-04-26T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18425
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18505
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18557
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1856
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18512
published_at	2026-04-12T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27971
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28012
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27915
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
reference_id
reference_type
scores
url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/362
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054494
reference_id	2054494
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054494

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0561
reference_id	CVE-2022-0561
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0561

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json
reference_id	CVE-2022-0561.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0561

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg

url VCID-6cry-skqu-zke9

vulnerability_id VCID-6cry-skqu-zke9

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35522

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13085
published_at	2026-04-01T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13194
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1326
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1306
published_at	2026-04-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13142
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13193
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13162
published_at	2026-04-11T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13123
published_at	2026-04-12T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13071
published_at	2026-04-13T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12973
published_at	2026-04-16T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12976
published_at	2026-04-18T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13073
published_at	2026-04-21T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13066
published_at	2026-04-24T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13035
published_at	2026-04-26T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1293
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932037
reference_id	1932037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932037

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35522
reference_id	CVE-2020-35522
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35522

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35522

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cry-skqu-zke9

url VCID-6kck-g3z6-cuge

vulnerability_id VCID-6kck-g3z6-cuge

summary libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2867

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03602
published_at	2026-04-29T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03423
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03542
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03549
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03555
published_at	2026-04-26T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03511
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03512
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03536
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0349
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03462
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03437
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03412
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0743
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07472
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2118847
reference_id	2118847
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2118847

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2867
reference_id	CVE-2022-2867
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2867

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://usn.ubuntu.com/5604-1/
reference_id	USN-5604-1
reference_type
scores
url	https://usn.ubuntu.com/5604-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2867

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kck-g3z6-cuge

url VCID-6sb9-u71x-j7f5

vulnerability_id VCID-6sb9-u71x-j7f5

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35523

reference_id

reference_type

scores

value	0.00227
scoring_system	epss
scoring_elements	0.45379
published_at	2026-04-29T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45569
published_at	2026-04-16T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45566
published_at	2026-04-18T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45431
published_at	2026-04-24T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4544
published_at	2026-04-26T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4547
published_at	2026-04-07T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45525
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45527
published_at	2026-04-09T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45546
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45516
published_at	2026-04-21T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45521
published_at	2026-04-13T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50258
published_at	2026-04-02T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50287
published_at	2026-04-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50218
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932040
reference_id	1932040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932040

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35523
reference_id	CVE-2020-35523
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35523

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/4755-1/
reference_id	USN-4755-1
reference_type
scores
url	https://usn.ubuntu.com/4755-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35523

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sb9-u71x-j7f5

url VCID-6sx9-1yfw-63cg

vulnerability_id VCID-6sx9-1yfw-63cg

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35521

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22025
published_at	2026-04-29T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.2224
published_at	2026-04-18T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22193
published_at	2026-04-21T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22052
published_at	2026-04-24T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22039
published_at	2026-04-26T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22184
published_at	2026-04-07T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22267
published_at	2026-04-08T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22321
published_at	2026-04-09T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22341
published_at	2026-04-11T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.223
published_at	2026-04-12T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22241
published_at	2026-04-13T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22245
published_at	2026-04-16T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30312
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3036
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30283
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932034
reference_id	1932034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932034

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35521
reference_id	CVE-2020-35521
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35521

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35521

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sx9-1yfw-63cg

url VCID-6wzx-7a3m-ufhm

vulnerability_id VCID-6wzx-7a3m-ufhm

summary libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3627

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07556
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07606
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0762
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07633
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07614
published_at	2026-04-08T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08043
published_at	2026-04-29T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08007
published_at	2026-04-16T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07992
published_at	2026-04-18T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.0815
published_at	2026-04-21T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08107
published_at	2026-04-24T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08071
published_at	2026-04-26T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08413
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0836
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142742
reference_id	2142742
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142742

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_id

236b7191f04c60d09ee836ae13b50f812c841047

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/411

reference_id

411

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/411

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3627
reference_id	CVE-2022-3627
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3627

reference_url

reference_id

CVE-2022-3627.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://access.redhat.com/errata/RHSA-2023:2883
reference_id	RHSA-2023:2883
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2883

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3627

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wzx-7a3m-ufhm

url VCID-72yx-48n1-jbfs

vulnerability_id VCID-72yx-48n1-jbfs

summary

Out-of-bounds Read
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1623

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.55978
published_at	2026-04-01T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56157
published_at	2026-04-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56145
published_at	2026-04-09T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56133
published_at	2026-04-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56117
published_at	2026-04-13T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56151
published_at	2026-04-16T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-18T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56089
published_at	2026-04-07T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56109
published_at	2026-04-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.5614
published_at	2026-04-08T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56823
published_at	2026-04-26T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56865
published_at	2026-04-21T12:55:00Z

value	0.00342
scoring_system	epss
scoring_elements	0.56806
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/410
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/410

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2084260
reference_id	2084260
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2084260

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1623
reference_id	CVE-2022-1623
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1623

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json
reference_id	CVE-2022-1623.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1623

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72yx-48n1-jbfs

url VCID-76g4-kacn-7yg7

vulnerability_id VCID-76g4-kacn-7yg7

summary libtiff: Double free or corruption in rotateImage() function at tiffcrop.c

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2519

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31241
published_at	2026-04-29T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31448
published_at	2026-04-24T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31322
published_at	2026-04-26T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31775
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31819
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31638
published_at	2026-04-07T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31689
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31718
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31722
published_at	2026-04-11T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31681
published_at	2026-04-12T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31644
published_at	2026-04-13T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31678
published_at	2026-04-16T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31657
published_at	2026-04-18T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31625
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/423
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/423

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122789
reference_id	2122789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122789

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2519
reference_id	CVE-2022-2519
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2519

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2519

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76g4-kacn-7yg7

url VCID-8691-q4h3-eyaf

vulnerability_id VCID-8691-q4h3-eyaf

summary libtiff: division by zero issues in tiffcrop

references

reference_url

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2058

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25652
published_at	2026-04-29T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2579
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25763
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25707
published_at	2026-04-24T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25699
published_at	2026-04-26T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25771
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25841
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25893
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25904
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25862
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25805
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25808
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27786
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/428
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/428

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494
reference_id	1014494
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222
reference_id	2103222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2058
reference_id	CVE-2022-2058
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2058

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json
reference_id	CVE-2022-2058.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2058

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8691-q4h3-eyaf

url VCID-9gqh-2uat-93c7

vulnerability_id VCID-9gqh-2uat-93c7

summary

Out-of-bounds Write
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

references

reference_url

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30774

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.06109
published_at	2026-04-29T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05899
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.0605
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06072
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06102
published_at	2026-04-26T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06704
published_at	2026-04-11T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06697
published_at	2026-04-12T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06688
published_at	2026-04-13T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06621
published_at	2026-04-16T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06598
published_at	2026-04-02T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06642
published_at	2026-04-04T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06622
published_at	2026-04-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06671
published_at	2026-04-08T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06705
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30774

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2187139
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2187139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/463
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/463

reference_url	https://access.redhat.com/security/cve/CVE-2023-30774
reference_id	CVE-2023-30774
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-30774

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-30774
reference_id	CVE-2023-30774
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-30774

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-30774

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqh-2uat-93c7

url VCID-ap6w-9c6j-akdp

vulnerability_id VCID-ap6w-9c6j-akdp

summary libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2521

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31241
published_at	2026-04-29T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31448
published_at	2026-04-24T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31322
published_at	2026-04-26T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31775
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31819
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31638
published_at	2026-04-07T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31689
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31718
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31722
published_at	2026-04-11T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31681
published_at	2026-04-12T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31644
published_at	2026-04-13T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31678
published_at	2026-04-16T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31657
published_at	2026-04-18T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31625
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/422
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/422

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/378

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122799
reference_id	2122799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122799

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2521
reference_id	CVE-2022-2521
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2521

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2521

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap6w-9c6j-akdp

url VCID-as9s-4ugc-ukgy

vulnerability_id VCID-as9s-4ugc-ukgy

summary Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1354

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11193
published_at	2026-04-01T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11337
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11395
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11188
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11268
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11323
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11329
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11295
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11269
published_at	2026-04-13T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11131
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11133
published_at	2026-04-18T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15747
published_at	2026-04-29T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16367
published_at	2026-04-21T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16261
published_at	2026-04-24T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16257
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/319
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/319

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074404
reference_id	2074404
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074404

reference_url

reference_id

AVG-2721

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json

reference_url	https://access.redhat.com/security/cve/CVE-2022-1354
reference_id	CVE-2022-1354
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2022-1354

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1354
reference_id	CVE-2022-1354
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1354

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1354

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as9s-4ugc-ukgy

url VCID-b33v-b6h4-cqfe

vulnerability_id VCID-b33v-b6h4-cqfe

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0804

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.04817
published_at	2026-04-02T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05029
published_at	2026-04-29T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04842
published_at	2026-04-04T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.0486
published_at	2026-04-07T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04897
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04914
published_at	2026-04-09T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04877
published_at	2026-04-12T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04858
published_at	2026-04-13T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04806
published_at	2026-04-16T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04814
published_at	2026-04-18T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04959
published_at	2026-04-21T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04992
published_at	2026-04-24T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05032
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/497

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/497

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170192
reference_id	2170192
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170192

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0804
reference_id	CVE-2023-0804
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0804

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json

reference_id

CVE-2023-0804.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/

reference_url

reference_id

FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230324-0009/

reference_id

ntap-20230324-0009

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/

url

https://security.netapp.com/advisory/ntap-20230324-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0804

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b33v-b6h4-cqfe

url VCID-bnbg-7q6h-8uhs

vulnerability_id VCID-bnbg-7q6h-8uhs

summary

Out-of-bounds Write
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

references

reference_url

http://libtiff-release-v4-0-7.com

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

http://libtiff-release-v4-0-7.com

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30086

reference_id

reference_type

scores

value	0.00079
scoring_system	epss
scoring_elements	0.23177
published_at	2026-04-29T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23524
published_at	2026-04-02T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23446
published_at	2026-04-12T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23391
published_at	2026-04-13T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23409
published_at	2026-04-16T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23403
published_at	2026-04-18T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23386
published_at	2026-04-21T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23195
published_at	2026-04-24T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23184
published_at	2026-04-26T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23561
published_at	2026-04-04T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23344
published_at	2026-04-07T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23416
published_at	2026-04-08T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23467
published_at	2026-04-09T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23485
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/538

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/538

reference_url

http://tiffcp.com

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

http://tiffcp.com

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2203650
reference_id	2203650
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2203650

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-30086
reference_id	CVE-2023-30086
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-30086

reference_url

https://security.netapp.com/advisory/ntap-20230616-0003/

reference_id

ntap-20230616-0003

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/

url

https://security.netapp.com/advisory/ntap-20230616-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-30086

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnbg-7q6h-8uhs

url VCID-cbhv-yme7-buby

vulnerability_id VCID-cbhv-yme7-buby

summary libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-19143

reference_id

reference_type

scores

value	0.00972
scoring_system	epss
scoring_elements	0.76583
published_at	2026-04-01T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76586
published_at	2026-04-02T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76615
published_at	2026-04-04T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76596
published_at	2026-04-07T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76627
published_at	2026-04-08T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76639
published_at	2026-04-09T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76666
published_at	2026-04-11T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76645
published_at	2026-04-12T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76636
published_at	2026-04-13T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76677
published_at	2026-04-16T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76681
published_at	2026-04-18T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.7667
published_at	2026-04-21T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76701
published_at	2026-04-24T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.76707
published_at	2026-04-26T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.7672
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-19143

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2003801
reference_id	2003801
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2003801

reference_url	https://usn.ubuntu.com/5084-1/
reference_id	USN-5084-1
reference_type
scores
url	https://usn.ubuntu.com/5084-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-19143

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbhv-yme7-buby

url VCID-cm5h-b1g9-tkg9

vulnerability_id VCID-cm5h-b1g9-tkg9

summary

Multiple vulnerabilities have been found in LibTIFF, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35524

reference_id

reference_type

scores

value	0.00413
scoring_system	epss
scoring_elements	0.614
published_at	2026-04-01T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61477
published_at	2026-04-02T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61505
published_at	2026-04-04T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61475
published_at	2026-04-07T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61523
published_at	2026-04-08T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61537
published_at	2026-04-09T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61559
published_at	2026-04-11T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61546
published_at	2026-04-12T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61526
published_at	2026-04-13T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61567
published_at	2026-04-16T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61571
published_at	2026-04-18T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61556
published_at	2026-04-21T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61542
published_at	2026-04-24T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61558
published_at	2026-04-26T12:55:00Z

value	0.00413
scoring_system	epss
scoring_elements	0.61553
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35524

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932044
reference_id	1932044
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932044

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-35524
reference_id	CVE-2020-35524
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-35524

reference_url	https://security.gentoo.org/glsa/202104-06
reference_id	GLSA-202104-06
reference_type
scores
url	https://security.gentoo.org/glsa/202104-06

reference_url	https://access.redhat.com/errata/RHSA-2021:4241
reference_id	RHSA-2021:4241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4241

reference_url	https://usn.ubuntu.com/4755-1/
reference_id	USN-4755-1
reference_type
scores
url	https://usn.ubuntu.com/4755-1/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2020-35524

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm5h-b1g9-tkg9

url VCID-cw7d-us77-2fhv

vulnerability_id VCID-cw7d-us77-2fhv

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0796

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02067
published_at	2026-04-29T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02044
published_at	2026-04-24T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02039
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/499

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/499

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170146
reference_id	2170146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170146

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0796
reference_id	CVE-2023-0796
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0796

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json

reference_id

CVE-2023-0796.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0796

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cw7d-us77-2fhv

url VCID-cwen-8yyj-x3aw

vulnerability_id VCID-cwen-8yyj-x3aw

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25434

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43312
published_at	2026-04-08T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43294
published_at	2026-04-02T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43326
published_at	2026-04-09T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43323
published_at	2026-04-04T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.4326
published_at	2026-04-07T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46498
published_at	2026-04-29T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46538
published_at	2026-04-24T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46549
published_at	2026-04-26T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46575
published_at	2026-04-11T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46547
published_at	2026-04-12T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46556
published_at	2026-04-13T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46613
published_at	2026-04-16T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.4661
published_at	2026-04-18T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46557
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25434

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/519

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:18:44Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/519

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2215209
reference_id	2215209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2215209

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-25434
reference_id	CVE-2023-25434
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-25434

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-25434

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwen-8yyj-x3aw

url VCID-e6c2-ajs1-abdz

vulnerability_id VCID-e6c2-ajs1-abdz

summary libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3599

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10852
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10952
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10984
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10983
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10928
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11438
published_at	2026-04-29T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11468
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1147
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11596
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1155
published_at	2026-04-24T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11511
published_at	2026-04-26T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12214
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12168
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142740
reference_id	2142740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142740

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/398

reference_id

398

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/398

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3599
reference_id	CVE-2022-3599
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3599

reference_url

reference_id

CVE-2022-3599.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3599

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6c2-ajs1-abdz

url VCID-gmhp-4yx2-gfbv

vulnerability_id VCID-gmhp-4yx2-gfbv

summary Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0909

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42396
published_at	2026-04-01T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42254
published_at	2026-04-29T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42405
published_at	2026-04-21T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42341
published_at	2026-04-24T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42337
published_at	2026-04-26T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42467
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42497
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42435
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42486
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42495
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42518
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42481
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42451
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42501
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42476
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/393
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/393

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/310
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/310

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064146
reference_id	2064146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064146

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0909
reference_id	CVE-2022-0909
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0909

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json
reference_id	CVE-2022-0909.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0909

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv

url VCID-h6gn-kv5x-bbd5

vulnerability_id VCID-h6gn-kv5x-bbd5

summary

Out-of-bounds Write
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0891

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08006
published_at	2026-04-01T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08054
published_at	2026-04-29T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08185
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08139
published_at	2026-04-24T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08082
published_at	2026-04-26T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08105
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08148
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08097
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08157
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08179
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08172
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08153
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08136
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08041
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08026
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
reference_id
reference_type
scores
url	https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/380
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/380

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/382
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/382

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064411
reference_id	2064411
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064411

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0891
reference_id	CVE-2022-0891
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0891

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json
reference_id	CVE-2022-0891.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0891

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5

url VCID-jdv4-3mf6-93hm

vulnerability_id VCID-jdv4-3mf6-93hm

summary libtiff: integer overflow in function TIFFReadRGBATileExt of the file

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3970

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26732
published_at	2026-04-21T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26891
published_at	2026-04-11T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26798
published_at	2026-04-16T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2679
published_at	2026-04-13T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26847
published_at	2026-04-12T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2677
published_at	2026-04-18T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28622
published_at	2026-04-07T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28727
published_at	2026-04-09T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28688
published_at	2026-04-08T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28816
published_at	2026-04-04T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29027
published_at	2026-04-29T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29209
published_at	2026-04-24T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29096
published_at	2026-04-26T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29854
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737
reference_id	1024737
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2148918
reference_id	2148918
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2148918

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

reference_id

227500897dfb07fb7d27f7aa570050e62617e3be

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3970
reference_id	CVE-2022-3970
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3970

reference_url

reference_id

detail?id=53137

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

reference_url

https://oss-fuzz.com/download?testcase_id=5738253143900160

reference_id

download?testcase_id=5738253143900160

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://oss-fuzz.com/download?testcase_id=5738253143900160

reference_url

https://support.apple.com/kb/HT213841

reference_id

HT213841

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://support.apple.com/kb/HT213841

reference_url

https://support.apple.com/kb/HT213843

reference_id

HT213843

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://support.apple.com/kb/HT213843

reference_url

https://vuldb.com/?id.213549

reference_id

?id.213549

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://vuldb.com/?id.213549

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20221215-0009/

reference_id

ntap-20221215-0009

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/

url

https://security.netapp.com/advisory/ntap-20221215-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://access.redhat.com/errata/RHSA-2023:2883
reference_id	RHSA-2023:2883
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2883

reference_url	https://usn.ubuntu.com/5743-1/
reference_id	USN-5743-1
reference_type
scores
url	https://usn.ubuntu.com/5743-1/

reference_url	https://usn.ubuntu.com/5743-2/
reference_id	USN-5743-2
reference_type
scores
url	https://usn.ubuntu.com/5743-2/

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3970

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdv4-3mf6-93hm

url VCID-ju1t-bhyh-v7du

vulnerability_id VCID-ju1t-bhyh-v7du

summary

Out-of-bounds Write
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-48281

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01158
published_at	2026-04-29T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01091
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01093
published_at	2026-04-04T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01099
published_at	2026-04-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01104
published_at	2026-04-08T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01105
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01089
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01082
published_at	2026-04-12T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01084
published_at	2026-04-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01077
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01087
published_at	2026-04-18T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01153
published_at	2026-04-24T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0116
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-48281

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/488

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/488

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html

reference_url

https://www.debian.org/security/2023/dsa-5333

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://www.debian.org/security/2023/dsa-5333

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653
reference_id	1029653
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2163606
reference_id	2163606
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2163606

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-48281
reference_id	CVE-2022-48281
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-48281

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://security.netapp.com/advisory/ntap-20230302-0004/

reference_url

reference_id

ntap-20230302-0004

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/

url

https://security.netapp.com/advisory/ntap-20230302-0004/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:3827
reference_id	RHSA-2023:3827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3827

reference_url	https://usn.ubuntu.com/5841-1/
reference_id	USN-5841-1
reference_type
scores
url	https://usn.ubuntu.com/5841-1/

reference_url	https://usn.ubuntu.com/6290-1/
reference_id	USN-6290-1
reference_type
scores
url	https://usn.ubuntu.com/6290-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-48281

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ju1t-bhyh-v7du

url VCID-kpq7-5vsv-pucy

vulnerability_id VCID-kpq7-5vsv-pucy

summary

NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0908

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10543
published_at	2026-04-01T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10569
published_at	2026-04-29T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10703
published_at	2026-04-21T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10653
published_at	2026-04-24T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10651
published_at	2026-04-26T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10687
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1075
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10609
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10682
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10737
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10752
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1072
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10696
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10558
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10575
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/383
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/383

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064145
reference_id	2064145
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064145

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0908
reference_id	CVE-2022-0908
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0908

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json
reference_id	CVE-2022-0908.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0908

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy

url VCID-mhwh-tsst-cfaj

vulnerability_id VCID-mhwh-tsst-cfaj

summary

Out-of-bounds Read
LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22844

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18198
published_at	2026-04-29T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18352
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18253
published_at	2026-04-24T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18238
published_at	2026-04-26T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18569
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18623
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18331
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18414
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18466
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18418
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18367
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18312
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18325
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/355
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/355

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/287
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2042603
reference_id	2042603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2042603

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22844
reference_id	CVE-2022-22844
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22844

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5523-1/
reference_id	USN-5523-1
reference_type
scores
url	https://usn.ubuntu.com/5523-1/

reference_url	https://usn.ubuntu.com/5523-2/
reference_id	USN-5523-2
reference_type
scores
url	https://usn.ubuntu.com/5523-2/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-22844

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj

url VCID-pkdx-ktz1-mbbg

vulnerability_id VCID-pkdx-ktz1-mbbg

summary

Missing Release of Memory after Effective Lifetime
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3576

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05679
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05721
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05715
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05754
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05781
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05758
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0575
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05745
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.057
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06393
published_at	2026-04-29T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06185
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06335
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06354
published_at	2026-04-24T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06381
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3576

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219340
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219340

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://access.redhat.com/security/cve/CVE-2023-3576
reference_id	CVE-2023-3576
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2023-3576

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-3576
reference_id	CVE-2023-3576
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-3576

reference_url	https://access.redhat.com/errata/RHSA-2023:6575
reference_id	RHSA-2023:6575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6575

reference_url	https://usn.ubuntu.com/6512-1/
reference_id	USN-6512-1
reference_type
scores
url	https://usn.ubuntu.com/6512-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-3576

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkdx-ktz1-mbbg

url VCID-pnpt-r4ke-fufh

vulnerability_id VCID-pnpt-r4ke-fufh

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0803

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07302
published_at	2026-04-29T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07329
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/501

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/501

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170187
reference_id	2170187
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170187

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0803
reference_id	CVE-2023-0803
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0803

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json

reference_id

CVE-2023-0803.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0803

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnpt-r4ke-fufh

url VCID-qsrb-hf2u-tudp

vulnerability_id VCID-qsrb-hf2u-tudp

summary

NULL Pointer Dereference
Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09639
published_at	2026-04-26T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09596
published_at	2026-04-29T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0958
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09473
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09477
published_at	2026-04-18T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09625
published_at	2026-04-21T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09672
published_at	2026-04-24T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09497
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09571
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09618
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09626
published_at	2026-04-11T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17853
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17906
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17693
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
reference_id
reference_type
scores
url	https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/362
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495
reference_id	2054495
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054495

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562
reference_id	CVE-2022-0562
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0562

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json
reference_id	CVE-2022-0562.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0562

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp

url VCID-rmap-8g2y-abdc

vulnerability_id VCID-rmap-8g2y-abdc

summary libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3598

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11913
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11959
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11747
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1183
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11882
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11893
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11854
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11827
published_at	2026-04-13T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12556
published_at	2026-04-24T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12409
published_at	2026-04-29T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12522
published_at	2026-04-26T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12548
published_at	2026-04-21T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12434
published_at	2026-04-18T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1243
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142738
reference_id	2142738
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142738

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/435

reference_id

435

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/435

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff

reference_id

cfbb883bf6ea7bedcb04177cc4e52d304522fdff

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3598
reference_id	CVE-2022-3598
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3598

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json

reference_id

CVE-2022-3598.json

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_id

ntap-20230110-0001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/

url

https://security.netapp.com/advisory/ntap-20230110-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5705-1/
reference_id	USN-5705-1
reference_type
scores
url	https://usn.ubuntu.com/5705-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3598

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmap-8g2y-abdc

url VCID-ruhz-ty5e-nkgr

vulnerability_id VCID-ruhz-ty5e-nkgr

summary libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2869

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.06827
published_at	2026-04-29T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06831
published_at	2026-04-24T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06851
published_at	2026-04-26T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06652
published_at	2026-04-02T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06696
published_at	2026-04-04T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06679
published_at	2026-04-16T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06729
published_at	2026-04-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06762
published_at	2026-04-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06763
published_at	2026-04-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06755
published_at	2026-04-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06749
published_at	2026-04-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06669
published_at	2026-04-18T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06826
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2118869
reference_id	2118869
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2118869

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2869
reference_id	CVE-2022-2869
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2869

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://usn.ubuntu.com/5604-1/
reference_id	USN-5604-1
reference_type
scores
url	https://usn.ubuntu.com/5604-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2869

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ruhz-ty5e-nkgr

url VCID-s95z-s4sd-cffs

vulnerability_id VCID-s95z-s4sd-cffs

summary libtiff: division by zero issues in tiffcrop

references

reference_url

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2056

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25652
published_at	2026-04-29T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2579
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25763
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25707
published_at	2026-04-24T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25699
published_at	2026-04-26T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25771
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25841
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25893
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25904
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25862
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25805
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25808
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27786
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/415
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/415

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/346

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494
reference_id	1014494
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222
reference_id	2103222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103222

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2056
reference_id	CVE-2022-2056
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2056

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json
reference_id	CVE-2022-2056.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2056

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s95z-s4sd-cffs

url VCID-tddn-m5ke-euas

vulnerability_id VCID-tddn-m5ke-euas

summary libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34526

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42252
published_at	2026-04-29T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42339
published_at	2026-04-24T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42336
published_at	2026-04-26T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42465
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42495
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42433
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42484
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42493
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42516
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42479
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42449
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42499
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42474
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42403
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/433
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/433

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112756
reference_id	2112756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112756

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-34526
reference_id	CVE-2022-34526
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-34526

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-34526

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tddn-m5ke-euas

url VCID-tfyj-y9q3-t3ar

vulnerability_id VCID-tfyj-y9q3-t3ar

summary libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2953

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.0451
published_at	2026-04-29T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04305
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04434
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0445
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0447
published_at	2026-04-26T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04318
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04351
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04366
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04359
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04346
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04325
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04297
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0764
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07683
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/414
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/414

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670
reference_id	1024670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2134432
reference_id	2134432
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2134432

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2953
reference_id	CVE-2022-2953
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2953

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json
reference_id	CVE-2022-2953.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://access.redhat.com/errata/RHSA-2023:0302
reference_id	RHSA-2023:0302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0302

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2953

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyj-y9q3-t3ar

url VCID-tg7w-mbkg-7uhj

vulnerability_id VCID-tg7w-mbkg-7uhj

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0798

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02067
published_at	2026-04-29T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02044
published_at	2026-04-24T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02039
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/492

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/492

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170157
reference_id	2170157
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170157

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0798
reference_id	CVE-2023-0798
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0798

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json

reference_id

CVE-2023-0798.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_id

ntap-20230316-0003

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/

url

https://security.netapp.com/advisory/ntap-20230316-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0798

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7w-mbkg-7uhj

url VCID-tgf9-ax81-fub4

vulnerability_id VCID-tgf9-ax81-fub4

summary libtiff: heap Buffer overflows in tiffcrop.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3570

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00647
published_at	2026-04-29T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00643
published_at	2026-04-24T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00646
published_at	2026-04-26T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.0062
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00612
published_at	2026-04-04T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00614
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00613
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00607
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00605
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00602
published_at	2026-04-12T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00603
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00597
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00645
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/381
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/381

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/386
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/386

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142734
reference_id	2142734
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142734

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-3570
reference_id	CVE-2022-3570
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-3570

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json
reference_id	CVE-2022-3570.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://usn.ubuntu.com/5705-1/
reference_id	USN-5705-1
reference_type
scores
url	https://usn.ubuntu.com/5705-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-3570

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgf9-ax81-fub4

url VCID-ucr1-vp5p-jqck

vulnerability_id VCID-ucr1-vp5p-jqck

summary Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1355

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.15516
published_at	2026-04-04T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15406
published_at	2026-04-01T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15447
published_at	2026-04-02T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17111
published_at	2026-04-11T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16989
published_at	2026-04-07T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17079
published_at	2026-04-08T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17135
published_at	2026-04-09T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17064
published_at	2026-04-12T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17002
published_at	2026-04-13T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16937
published_at	2026-04-16T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16938
published_at	2026-04-18T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22054
published_at	2026-04-29T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22674
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22517
published_at	2026-04-24T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22509
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/400
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/400

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/323
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/323

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160
reference_id	1011160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074415
reference_id	2074415
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074415

reference_url

reference_id

AVG-2721

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json

reference_url	https://access.redhat.com/security/cve/CVE-2022-1355
reference_id	CVE-2022-1355
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2022-1355

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1355
reference_id	CVE-2022-1355
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1355

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5619-1/
reference_id	USN-5619-1
reference_type
scores
url	https://usn.ubuntu.com/5619-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-1355

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucr1-vp5p-jqck

url VCID-vu6r-464p-4ue3

vulnerability_id VCID-vu6r-464p-4ue3

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

references

reference_url

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4645

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01862
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01946
published_at	2026-04-29T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01874
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01877
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01891
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01876
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01861
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01856
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01839
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01837
published_at	2026-04-18T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01921
published_at	2026-04-21T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01916
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01912
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/277

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/277

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2176220
reference_id	2176220
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2176220

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/

reference_id

2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/

reference_id

BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-4645
reference_id	CVE-2022-4645
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-4645

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json

reference_id

CVE-2022-4645.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json

reference_url

https://security.netapp.com/advisory/ntap-20230331-0001/

reference_id

ntap-20230331-0001

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://security.netapp.com/advisory/ntap-20230331-0001/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/

reference_id

OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:2340
reference_id	RHSA-2023:2340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2340

reference_url	https://access.redhat.com/errata/RHSA-2024:3059
reference_id	RHSA-2024:3059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3059

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-4645

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vu6r-464p-4ue3

url VCID-vzr7-wz88-h7gx

vulnerability_id VCID-vzr7-wz88-h7gx

summary libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2868

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03495
published_at	2026-04-29T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0334
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03458
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03444
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03449
published_at	2026-04-26T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03416
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03419
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03441
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03402
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03374
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03351
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03328
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07279
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07322
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2118863
reference_id	2118863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2118863

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2868
reference_id	CVE-2022-2868
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2868

reference_url	https://access.redhat.com/errata/RHSA-2023:0095
reference_id	RHSA-2023:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0095

reference_url	https://usn.ubuntu.com/5604-1/
reference_id	USN-5604-1
reference_type
scores
url	https://usn.ubuntu.com/5604-1/

reference_url	https://usn.ubuntu.com/5714-1/
reference_id	USN-5714-1
reference_type
scores
url	https://usn.ubuntu.com/5714-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-2868

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzr7-wz88-h7gx

url VCID-wza2-4rcj-hkcd

vulnerability_id VCID-wza2-4rcj-hkcd

summary

Out-of-bounds Read
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0797

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02005
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02067
published_at	2026-04-29T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02015
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02012
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02013
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0203
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01999
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01995
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01973
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01975
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0206
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02044
published_at	2026-04-24T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02039
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/495

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/495

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170151
reference_id	2170151
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170151

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0797
reference_id	CVE-2023-0797
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0797

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json

reference_id

CVE-2023-0797.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0797

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wza2-4rcj-hkcd

url VCID-x9xf-wuyn-6ffg

vulnerability_id VCID-x9xf-wuyn-6ffg

summary

Out-of-bounds Write
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0802

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07302
published_at	2026-04-29T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07256
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07311
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07338
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07335
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07323
published_at	2026-04-24T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07313
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07243
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07239
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07365
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07329
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/500

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/500

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632
reference_id	1031632
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170178
reference_id	2170178
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170178

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0802
reference_id	CVE-2023-0802
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0802

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json

reference_id

CVE-2023-0802.JSON

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json

reference_url

reference_id

dsa-5361

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

reference_url

reference_id

GLSA-202305-31

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

reference_id

msg00026.html

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_id

ntap-20230316-0002

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/

url

https://security.netapp.com/advisory/ntap-20230316-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3711
reference_id	RHSA-2023:3711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3711

reference_url	https://access.redhat.com/errata/RHSA-2023:5353
reference_id	RHSA-2023:5353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5353

reference_url	https://usn.ubuntu.com/5923-1/
reference_id	USN-5923-1
reference_type
scores
url	https://usn.ubuntu.com/5923-1/

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-0802

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9xf-wuyn-6ffg

url VCID-xmwn-vxux-h7g3

vulnerability_id VCID-xmwn-vxux-h7g3

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25435

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09504
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09455
published_at	2026-04-02T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09491
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09417
published_at	2026-04-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14245
published_at	2026-04-11T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14299
published_at	2026-04-09T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14206
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.1415
published_at	2026-04-13T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.1404
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16323
published_at	2026-04-21T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16211
published_at	2026-04-26T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16169
published_at	2026-04-29T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1629
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16214
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/518

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T19:11:03Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/518

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2216614
reference_id	2216614
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2216614

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-25435
reference_id	CVE-2023-25435
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-25435

fixed_packages

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2023-25435

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwn-vxux-h7g3

url VCID-zedn-437q-47b2

vulnerability_id VCID-zedn-437q-47b2

summary Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0865

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10258
published_at	2026-04-01T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10292
published_at	2026-04-29T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10413
published_at	2026-04-21T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10359
published_at	2026-04-24T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1035
published_at	2026-04-26T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10378
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10446
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1033
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10403
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10466
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10496
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10463
published_at	2026-04-12T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10441
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1031
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10282
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/libtiff/libtiff/-/issues/385
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/issues/385

reference_url	https://gitlab.com/libtiff/libtiff/-/merge_requests/306
reference_id
reference_type
scores
url	https://gitlab.com/libtiff/libtiff/-/merge_requests/306

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064406
reference_id	2064406
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064406

reference_url	https://security.archlinux.org/ASA-202204-6
reference_id	ASA-202204-6
reference_type
scores
url	https://security.archlinux.org/ASA-202204-6

reference_url

reference_id

AVG-2658

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2659

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-0865
reference_id	CVE-2022-0865
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-0865

reference_url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json
reference_id	CVE-2022-0865.JSON
reference_type
scores
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json

reference_url	https://security.gentoo.org/glsa/202210-10
reference_id	GLSA-202210-10
reference_type
scores
url	https://security.gentoo.org/glsa/202210-10

reference_url	https://access.redhat.com/errata/RHSA-2022:7585
reference_id	RHSA-2022:7585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7585

reference_url	https://access.redhat.com/errata/RHSA-2022:8194
reference_id	RHSA-2022:8194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8194

reference_url	https://usn.ubuntu.com/5421-1/
reference_id	USN-5421-1
reference_type
scores
url	https://usn.ubuntu.com/5421-1/

fixed_packages

url pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

purl pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15g8-3ryu-h3ga

vulnerability	VCID-1mh3-q3y5-qyg1

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-25fx-7kmb-fqhm

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-2u8w-cy3j-9fen

vulnerability	VCID-3wfj-nc9t-xfgp

vulnerability	VCID-44ee-ueju-ykae

vulnerability	VCID-44zu-mtmq-57cm

vulnerability	VCID-48tr-y71p-7fbb

vulnerability	VCID-4egk-vvjq-dyhw

vulnerability	VCID-4mq7-s2p6-yufr

vulnerability	VCID-4pys-mah6-hfh6

vulnerability	VCID-4srx-3gbk-eqd3

vulnerability	VCID-5mak-1mkk-wkdg

vulnerability	VCID-6cry-skqu-zke9

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-6kck-g3z6-cuge

vulnerability	VCID-6sb9-u71x-j7f5

vulnerability	VCID-6sx9-1yfw-63cg

vulnerability	VCID-6wzx-7a3m-ufhm

vulnerability	VCID-72yx-48n1-jbfs

vulnerability	VCID-76g4-kacn-7yg7

vulnerability	VCID-8691-q4h3-eyaf

vulnerability	VCID-9gqh-2uat-93c7

vulnerability	VCID-ap6w-9c6j-akdp

vulnerability	VCID-as9s-4ugc-ukgy

vulnerability	VCID-b33v-b6h4-cqfe

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-bnbg-7q6h-8uhs

vulnerability	VCID-cbhv-yme7-buby

vulnerability	VCID-cm5h-b1g9-tkg9

vulnerability	VCID-cw7d-us77-2fhv

vulnerability	VCID-cwen-8yyj-x3aw

vulnerability	VCID-e6c2-ajs1-abdz

vulnerability	VCID-gmhp-4yx2-gfbv

vulnerability	VCID-h6gn-kv5x-bbd5

vulnerability	VCID-jdv4-3mf6-93hm

vulnerability	VCID-ju1t-bhyh-v7du

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-kpq7-5vsv-pucy

vulnerability	VCID-mhwh-tsst-cfaj

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-pkdx-ktz1-mbbg

vulnerability	VCID-pnpt-r4ke-fufh

vulnerability	VCID-qsrb-hf2u-tudp

vulnerability	VCID-rmap-8g2y-abdc

vulnerability	VCID-ruhz-ty5e-nkgr

vulnerability	VCID-s95z-s4sd-cffs

vulnerability	VCID-tddn-m5ke-euas

vulnerability	VCID-tfyj-y9q3-t3ar

vulnerability	VCID-tg7w-mbkg-7uhj

vulnerability	VCID-tgf9-ax81-fub4

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ucr1-vp5p-jqck

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vu6r-464p-4ue3

vulnerability	VCID-vzr7-wz88-h7gx

vulnerability	VCID-wza2-4rcj-hkcd

vulnerability	VCID-x9xf-wuyn-6ffg

vulnerability	VCID-xmwn-vxux-h7g3

vulnerability	VCID-z1vf-mhw2-ducs

vulnerability	VCID-zedn-437q-47b2

vulnerability	VCID-zwbu-yezc-4yck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4

url pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

purl pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hfc-b4qr-jqgk

vulnerability	VCID-1nme-2pjx-q7hp

vulnerability	VCID-2ds7-xq64-9ue2

vulnerability	VCID-38sj-85gt-sfhe

vulnerability	VCID-4mhv-7vrm-v7hv

vulnerability	VCID-6dt6-ppka-b3ct

vulnerability	VCID-7zdy-fxq2-p7gf

vulnerability	VCID-9grz-pkwb-3kc5

vulnerability	VCID-a8jf-xmj8-cuh6

vulnerability	VCID-b4hb-cxzy-suck

vulnerability	VCID-d8kh-h6vs-gqd4

vulnerability	VCID-dg96-zmw1-8kcp

vulnerability	VCID-h9ap-xxmw-j7dr

vulnerability	VCID-k8kt-55y9-qyac

vulnerability	VCID-n3ta-dm1y-gya5

vulnerability	VCID-ndc5-qn5u-3qbq

vulnerability	VCID-ndwc-beev-43ck

vulnerability	VCID-r186-xqyn-ffey

vulnerability	VCID-rp7t-x7gz-9udg

vulnerability	VCID-sqxq-hg7v-d7gv

vulnerability	VCID-ttb7-w41r-4kfn

vulnerability	VCID-ua38-ur2u-eues

vulnerability	VCID-ukgj-45m7-6uba

vulnerability	VCID-v4rx-c1w4-pbb3

vulnerability	VCID-vju4-pghv-47bx

vulnerability	VCID-vrtj-45t6-cqec

vulnerability	VCID-yfxw-tmnn-byc6

vulnerability	VCID-z1vf-mhw2-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5

aliases CVE-2022-0865

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zedn-437q-47b2

url VCID-zwbu-yezc-4yck

vulnerability_id VCID-zwbu-yezc-4yck

summary libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3597

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07556
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07606
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0762
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07633
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07614
published_at	2026-04-08T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08043
published_at	2026-04-29T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08007
published_at	2026-04-16T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.07992
published_at	2026-04-18T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.0815
published_at	2026-04-21T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08107
published_at	2026-04-24T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08071
published_at	2026-04-26T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08413
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0836
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555
reference_id	1022555
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2142736
reference_id	2142736
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2142736

reference_url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_id

236b7191f04c60d09ee836ae13b50f812c841047

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/

url

https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047

reference_url

https://gitlab.com/libtiff/libtiff/-/issues/413

reference_id

413

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/

url

https://gitlab.com/libtiff/libtiff/-/issues/413

reference_url

reference_id

AVG-2842

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url