{"url":"http://public2.vulnerablecode.io/api/packages/100905?format=json","purl":"pkg:rpm/redhat/libwebp@1.0.0-5?arch=el8","type":"rpm","namespace":"redhat","name":"libwebp","version":"1.0.0-5","qualifiers":{"arch":"el8"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83237?format=json","vulnerability_id":"VCID-6z14-frdw-r3dh","summary":"libwebp: out-of-bounds read in ApplyFilter()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25010.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25010.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25010","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66315","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.6635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66399","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66433","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.6642","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.6639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66426","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66442","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66451","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66466","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66486","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.6653","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66504","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66524","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66585","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66595","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956918","reference_id":"1956918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"},{"reference_url":"https://usn.ubuntu.com/4971-2/","reference_id":"USN-4971-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-2/"}],"fixed_packages":[],"aliases":["CVE-2018-25010"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6z14-frdw-r3dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81571?format=json","vulnerability_id":"VCID-8nht-54x7-gqf1","summary":"libwebp: excessive memory allocation when reading a file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36332.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36332.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36332","reference_id":"","reference_type":"","scores":[{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74303","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74334","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.7434","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74377","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74357","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74349","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74386","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.7442","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74428","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74427","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74424","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74454","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.7448","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74446","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74467","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74524","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.7453","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956868","reference_id":"1956868","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956868"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36332","reference_id":"CVE-2020-36332","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"}],"fixed_packages":[],"aliases":["CVE-2020-36332"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nht-54x7-gqf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81570?format=json","vulnerability_id":"VCID-e3uc-36mx-mbfv","summary":"libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36330.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36330","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3738","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37568","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37396","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37461","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37413","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3746","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37387","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37134","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60972","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60856","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60913","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60958","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60875","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.60901","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956853","reference_id":"1956853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956853"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36330","reference_id":"CVE-2020-36330","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"},{"reference_url":"https://usn.ubuntu.com/4971-2/","reference_id":"USN-4971-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-2/"}],"fixed_packages":[],"aliases":["CVE-2020-36330"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3uc-36mx-mbfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80565?format=json","vulnerability_id":"VCID-ecku-fk4j-s3hr","summary":"libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36331.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36331.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36331","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40675","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40758","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40786","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4071","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4076","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40768","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40787","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40734","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40748","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40671","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40562","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40479","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61392","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61225","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61273","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61332","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61378","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61294","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61321","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956856","reference_id":"1956856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956856"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36331","reference_id":"CVE-2020-36331","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"},{"reference_url":"https://usn.ubuntu.com/4971-2/","reference_id":"USN-4971-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-2/"}],"fixed_packages":[],"aliases":["CVE-2020-36331"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecku-fk4j-s3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83199?format=json","vulnerability_id":"VCID-hjha-gt3s-s3e3","summary":"libwebp: use of uninitialized value in ReadSymbol()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25014.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25014","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35734","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35834","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35747","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3563","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35698","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3572","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35628","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35651","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35716","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36121","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36162","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36148","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36096","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68766","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68834","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68853","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68876","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.68861","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956927","reference_id":"1956927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2328","reference_id":"RHSA-2021:2328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"},{"reference_url":"https://usn.ubuntu.com/4971-2/","reference_id":"USN-4971-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-2/"}],"fixed_packages":[],"aliases":["CVE-2018-25014"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjha-gt3s-s3e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83233?format=json","vulnerability_id":"VCID-ms2y-xj5p-4ud9","summary":"libwebp: out-of-bounds read in WebPMuxCreateInternal()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25012.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25012","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68685","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68722","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.687","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68752","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.6875","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68792","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68802","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68781","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68829","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68836","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68842","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68821","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68863","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68899","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68865","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.6889","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68944","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68956","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956922","reference_id":"1956922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"},{"reference_url":"https://usn.ubuntu.com/4971-2/","reference_id":"USN-4971-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-2/"}],"fixed_packages":[],"aliases":["CVE-2018-25012"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2y-xj5p-4ud9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83232?format=json","vulnerability_id":"VCID-wcer-d6dm-w3ch","summary":"libwebp: out-of-bounds read in WebPMuxCreateInternal","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25009.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25009","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63413","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63499","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63516","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63533","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63549","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63535","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63527","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63546","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63555","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63571","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63622","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63588","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63614","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63667","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63675","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956917","reference_id":"1956917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"},{"reference_url":"https://usn.ubuntu.com/4971-2/","reference_id":"USN-4971-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-2/"}],"fixed_packages":[],"aliases":["CVE-2018-25009"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wcer-d6dm-w3ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83198?format=json","vulnerability_id":"VCID-yjus-jmfg-tyfv","summary":"libwebp: out-of-bounds read in ShiftBytes()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25013.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25013","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33737","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34074","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34105","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34037","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3397","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34004","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33959","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3359","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33489","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33371","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33439","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3348","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33393","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33416","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33495","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33521","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956926","reference_id":"1956926","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4231","reference_id":"RHSA-2021:4231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4231"},{"reference_url":"https://usn.ubuntu.com/4971-1/","reference_id":"USN-4971-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-1/"},{"reference_url":"https://usn.ubuntu.com/4971-2/","reference_id":"USN-4971-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4971-2/"}],"fixed_packages":[],"aliases":["CVE-2018-25013"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjus-jmfg-tyfv"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libwebp@1.0.0-5%3Farch=el8"}