{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","type":"deb","namespace":"debian","name":"libexif","version":"0.6.25-1+deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.6.26-1","latest_non_vulnerable_version":"0.6.26-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76002?format=json","vulnerability_id":"VCID-1hcz-pb63-xbdg","summary":"In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0182.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0182","reference_id":"","reference_type":"","scores":[{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65317","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65359","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0182"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852490","reference_id":"1852490","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4040","reference_id":"RHSA-2020:4040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"},{"reference_url":"https://usn.ubuntu.com/4396-1/","reference_id":"USN-4396-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4396-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101715?format=json","purl":"pkg:deb/debian/libexif@0.6.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-0182"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hcz-pb63-xbdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75996?format=json","vulnerability_id":"VCID-1qye-wx7e-puda","summary":"Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2840.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2840","reference_id":"","reference_type":"","scores":[{"value":"0.02397","scoring_system":"epss","scoring_elements":"0.85329","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02397","scoring_system":"epss","scoring_elements":"0.85352","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454","reference_id":"681454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839188","reference_id":"839188","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839188"},{"reference_url":"https://security.gentoo.org/glsa/201401-10","reference_id":"GLSA-201401-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1255","reference_id":"RHSA-2012:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1255"},{"reference_url":"https://usn.ubuntu.com/1513-1/","reference_id":"USN-1513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1513-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101709?format=json","purl":"pkg:deb/debian/libexif@0.6.20-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2840"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qye-wx7e-puda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75988?format=json","vulnerability_id":"VCID-22jn-mcwn-j3ax","summary":"The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2812.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2812","reference_id":"","reference_type":"","scores":[{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76484","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454","reference_id":"681454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839203","reference_id":"839203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839203"},{"reference_url":"https://security.gentoo.org/glsa/201401-10","reference_id":"GLSA-201401-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1255","reference_id":"RHSA-2012:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1255"},{"reference_url":"https://usn.ubuntu.com/1513-1/","reference_id":"USN-1513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1513-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101709?format=json","purl":"pkg:deb/debian/libexif@0.6.20-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2812"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22jn-mcwn-j3ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75982?format=json","vulnerability_id":"VCID-2n34-t4fw-5ycv","summary":"Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0664","reference_id":"","reference_type":"","scores":[{"value":"0.03114","scoring_system":"epss","scoring_elements":"0.87073","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03114","scoring_system":"epss","scoring_elements":"0.87095","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617555","reference_id":"1617555","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617555"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298464","reference_id":"298464","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:300","reference_id":"RHSA-2005:300","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:300"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101697?format=json","purl":"pkg:deb/debian/libexif@0.6.9-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2005-0664"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n34-t4fw-5ycv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5858?format=json","vulnerability_id":"VCID-342b-qpcn-w3df","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12767.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12767","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34197","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34297","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1834950","reference_id":"1834950","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1834950"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960199","reference_id":"960199","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960199"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://security.gentoo.org/glsa/202007-05","reference_id":"GLSA-202007-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4040","reference_id":"RHSA-2020:4040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"},{"reference_url":"https://usn.ubuntu.com/4358-1/","reference_id":"USN-4358-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4358-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101717?format=json","purl":"pkg:deb/debian/libexif@0.6.21-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-12767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-342b-qpcn-w3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75994?format=json","vulnerability_id":"VCID-44bu-3z7v-5ydx","summary":"The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2837.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2837","reference_id":"","reference_type":"","scores":[{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79712","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79738","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454","reference_id":"681454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839185","reference_id":"839185","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839185"},{"reference_url":"https://security.gentoo.org/glsa/201401-10","reference_id":"GLSA-201401-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1255","reference_id":"RHSA-2012:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1255"},{"reference_url":"https://usn.ubuntu.com/1513-1/","reference_id":"USN-1513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1513-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101709?format=json","purl":"pkg:deb/debian/libexif@0.6.20-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2837"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44bu-3z7v-5ydx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5855?format=json","vulnerability_id":"VCID-46rf-wxth-xbh1","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13114.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13114","reference_id":"","reference_type":"","scores":[{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.78034","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.78062","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840350","reference_id":"1840350","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840350"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961410","reference_id":"961410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961410"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://security.gentoo.org/glsa/202007-05","reference_id":"GLSA-202007-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4040","reference_id":"RHSA-2020:4040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"},{"reference_url":"https://usn.ubuntu.com/4396-1/","reference_id":"USN-4396-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4396-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101718?format=json","purl":"pkg:deb/debian/libexif@0.6.21-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-13114"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46rf-wxth-xbh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5862?format=json","vulnerability_id":"VCID-62d1-kaq2-h3d9","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7544.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7544.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7544","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63271","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63315","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494196","reference_id":"1494196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494196"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876466","reference_id":"876466","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876466"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://usn.ubuntu.com/4277-1/","reference_id":"USN-4277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4277-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101711?format=json","purl":"pkg:deb/debian/libexif@0.6.21-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7544"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62d1-kaq2-h3d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62882?format=json","vulnerability_id":"VCID-6jqb-s4w9-y3af","summary":"libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40385.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40385","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05281","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133922","reference_id":"1133922","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133922"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457687","reference_id":"2457687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457687"},{"reference_url":"https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58","reference_id":"93003b93e50b3d259bd2227d8775b73a53c35d58","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:18:42Z/"}],"url":"https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20929","reference_id":"RHSA-2026:20929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22553","reference_id":"RHSA-2026:22553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101720?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40385"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jqb-s4w9-y3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76001?format=json","vulnerability_id":"VCID-713z-wx2h-53ff","summary":"In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0181.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0181","reference_id":"","reference_type":"","scores":[{"value":"0.09453","scoring_system":"epss","scoring_elements":"0.92966","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09453","scoring_system":"epss","scoring_elements":"0.92976","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847131","reference_id":"1847131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847131"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962346","reference_id":"962346","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962346"},{"reference_url":"https://security.gentoo.org/glsa/202011-19","reference_id":"GLSA-202011-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101713?format=json","purl":"pkg:deb/debian/libexif@0.6.21-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-0181"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-713z-wx2h-53ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75985?format=json","vulnerability_id":"VCID-bm6g-ursf-dfh5","summary":"libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6351.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6351","reference_id":"","reference_type":"","scores":[{"value":"0.0445","scoring_system":"epss","scoring_elements":"0.89251","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0445","scoring_system":"epss","scoring_elements":"0.89269","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=425551","reference_id":"425551","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=425551"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330","reference_id":"457330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330"},{"reference_url":"https://security.gentoo.org/glsa/200712-15","reference_id":"GLSA-200712-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200712-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1165","reference_id":"RHSA-2007:1165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1165"},{"reference_url":"https://usn.ubuntu.com/654-1/","reference_id":"USN-654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101706?format=json","purl":"pkg:deb/debian/libexif@0.6.16-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.16-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2007-6351"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bm6g-ursf-dfh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5860?format=json","vulnerability_id":"VCID-bwmt-7yhf-zugp","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9278.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9278.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9278","reference_id":"","reference_type":"","scores":[{"value":"0.03749","scoring_system":"epss","scoring_elements":"0.88227","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03749","scoring_system":"epss","scoring_elements":"0.88247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0181"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789031","reference_id":"1789031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789031"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945948","reference_id":"945948","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945948"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://security.gentoo.org/glsa/202007-05","reference_id":"GLSA-202007-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4040","reference_id":"RHSA-2020:4040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"},{"reference_url":"https://usn.ubuntu.com/4277-1/","reference_id":"USN-4277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4277-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101713?format=json","purl":"pkg:deb/debian/libexif@0.6.21-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2019-9278"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwmt-7yhf-zugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75991?format=json","vulnerability_id":"VCID-ceaj-6s1m-3yak","summary":"The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2836.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2836","reference_id":"","reference_type":"","scores":[{"value":"0.02522","scoring_system":"epss","scoring_elements":"0.85693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02522","scoring_system":"epss","scoring_elements":"0.85715","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454","reference_id":"681454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839184","reference_id":"839184","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839184"},{"reference_url":"https://security.gentoo.org/glsa/201401-10","reference_id":"GLSA-201401-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1255","reference_id":"RHSA-2012:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1255"},{"reference_url":"https://usn.ubuntu.com/1513-1/","reference_id":"USN-1513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1513-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101709?format=json","purl":"pkg:deb/debian/libexif@0.6.20-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2836"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ceaj-6s1m-3yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75986?format=json","vulnerability_id":"VCID-ebpx-bczb-z3b2","summary":"Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6352.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6352","reference_id":"","reference_type":"","scores":[{"value":"0.03354","scoring_system":"epss","scoring_elements":"0.87548","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03354","scoring_system":"epss","scoring_elements":"0.87569","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=425561","reference_id":"425561","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=425561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330","reference_id":"457330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457330"},{"reference_url":"https://security.gentoo.org/glsa/200712-15","reference_id":"GLSA-200712-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200712-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1165","reference_id":"RHSA-2007:1165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1166","reference_id":"RHSA-2007:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1166"},{"reference_url":"https://usn.ubuntu.com/654-1/","reference_id":"USN-654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101706?format=json","purl":"pkg:deb/debian/libexif@0.6.16-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.16-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2007-6352"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebpx-bczb-z3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75990?format=json","vulnerability_id":"VCID-fwj4-n4af-wued","summary":"Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2814.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2814","reference_id":"","reference_type":"","scores":[{"value":"0.03788","scoring_system":"epss","scoring_elements":"0.88278","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03788","scoring_system":"epss","scoring_elements":"0.88297","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454","reference_id":"681454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839183","reference_id":"839183","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839183"},{"reference_url":"https://security.gentoo.org/glsa/201401-10","reference_id":"GLSA-201401-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1255","reference_id":"RHSA-2012:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1255"},{"reference_url":"https://usn.ubuntu.com/1513-1/","reference_id":"USN-1513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1513-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101709?format=json","purl":"pkg:deb/debian/libexif@0.6.20-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2814"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwj4-n4af-wued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5861?format=json","vulnerability_id":"VCID-g1pr-mb2d-d3aj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20030.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20030.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20030","reference_id":"","reference_type":"","scores":[{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77319","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77348","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663878","reference_id":"1663878","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663878"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918730","reference_id":"918730","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918730"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://usn.ubuntu.com/4358-1/","reference_id":"USN-4358-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4358-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101712?format=json","purl":"pkg:deb/debian/libexif@0.6.21-5.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-5.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20030"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1pr-mb2d-d3aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75999?format=json","vulnerability_id":"VCID-g856-qmgw-fbca","summary":"Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2841.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2841","reference_id":"","reference_type":"","scores":[{"value":"0.04256","scoring_system":"epss","scoring_elements":"0.88998","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04256","scoring_system":"epss","scoring_elements":"0.89015","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454","reference_id":"681454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839189","reference_id":"839189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839189"},{"reference_url":"https://security.gentoo.org/glsa/201401-10","reference_id":"GLSA-201401-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1255","reference_id":"RHSA-2012:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1255"},{"reference_url":"https://usn.ubuntu.com/1513-1/","reference_id":"USN-1513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1513-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101709?format=json","purl":"pkg:deb/debian/libexif@0.6.20-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2841"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g856-qmgw-fbca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64897?format=json","vulnerability_id":"VCID-huqq-ss1g-jue2","summary":"libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32775.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32775","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00822","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131116","reference_id":"1131116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131116"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447881","reference_id":"2447881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447881"},{"reference_url":"https://github.com/libexif/libexif/issues/247","reference_id":"247","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-16T13:45:37Z/"}],"url":"https://github.com/libexif/libexif/issues/247"},{"reference_url":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","reference_id":"7df372e9d31d7c993a22b913c813a5f7ec4f3692","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-16T13:45:37Z/"}],"url":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101720?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2026-32775"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huqq-ss1g-jue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75987?format=json","vulnerability_id":"VCID-hvg9-7hrw-87a2","summary":"Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image.  NOTE: some of these details are obtained from third party information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3895.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3895.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3895","reference_id":"","reference_type":"","scores":[{"value":"0.05239","scoring_system":"epss","scoring_elements":"0.90135","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05239","scoring_system":"epss","scoring_elements":"0.90152","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3895"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557137","reference_id":"557137","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557137"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101708?format=json","purl":"pkg:deb/debian/libexif@0.6.19-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.19-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvg9-7hrw-87a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5857?format=json","vulnerability_id":"VCID-hyj8-tmtk-h7ds","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13112.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13112","reference_id":"","reference_type":"","scores":[{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.77011","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840344","reference_id":"1840344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840344"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961407","reference_id":"961407","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961407"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://security.gentoo.org/glsa/202007-05","reference_id":"GLSA-202007-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2474","reference_id":"RHSA-2020:2474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2516","reference_id":"RHSA-2020:2516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2549","reference_id":"RHSA-2020:2549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2550","reference_id":"RHSA-2020:2550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2672","reference_id":"RHSA-2020:2672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2672"},{"reference_url":"https://usn.ubuntu.com/4396-1/","reference_id":"USN-4396-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4396-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101718?format=json","purl":"pkg:deb/debian/libexif@0.6.21-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-13112"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyj8-tmtk-h7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7110?format=json","vulnerability_id":"VCID-j5mu-rdx7-zug2","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0452.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0452","reference_id":"","reference_type":"","scores":[{"value":"0.16284","scoring_system":"epss","scoring_elements":"0.94951","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16284","scoring_system":"epss","scoring_elements":"0.94959","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0452"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1902004","reference_id":"1902004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1902004"},{"reference_url":"https://security.archlinux.org/AVG-2376","reference_id":"AVG-2376","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2376"},{"reference_url":"https://security.gentoo.org/glsa/202011-19","reference_id":"GLSA-202011-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5393","reference_id":"RHSA-2020:5393","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5393"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5394","reference_id":"RHSA-2020:5394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5395","reference_id":"RHSA-2020:5395","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5395"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5396","reference_id":"RHSA-2020:5396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5402","reference_id":"RHSA-2020:5402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5402"},{"reference_url":"https://usn.ubuntu.com/4624-1/","reference_id":"USN-4624-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4624-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-0452"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5mu-rdx7-zug2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62881?format=json","vulnerability_id":"VCID-kmqk-uta9-83e7","summary":"libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40386.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40386","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00714","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133923","reference_id":"1133923","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133923"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457689","reference_id":"2457689","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457689"},{"reference_url":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b","reference_id":"dc6eac6e9655d14d0779d99e82d0f5f442d2f34b","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:18:57Z/"}],"url":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20929","reference_id":"RHSA-2026:20929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22529","reference_id":"RHSA-2026:22529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22553","reference_id":"RHSA-2026:22553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101720?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40386"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmqk-uta9-83e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5859?format=json","vulnerability_id":"VCID-p9wb-yye6-pugf","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0093.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0093.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0093","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37354","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852487","reference_id":"1852487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852487"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://security.gentoo.org/glsa/202007-05","reference_id":"GLSA-202007-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4040","reference_id":"RHSA-2020:4040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"},{"reference_url":"https://usn.ubuntu.com/4396-1/","reference_id":"USN-4396-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4396-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101714?format=json","purl":"pkg:deb/debian/libexif@0.6.21-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-0093"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9wb-yye6-pugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5856?format=json","vulnerability_id":"VCID-phh9-yvjg-nygr","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13113.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13113","reference_id":"","reference_type":"","scores":[{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72558","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72598","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840347","reference_id":"1840347","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840347"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409","reference_id":"961409","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://security.gentoo.org/glsa/202007-05","reference_id":"GLSA-202007-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4040","reference_id":"RHSA-2020:4040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"},{"reference_url":"https://usn.ubuntu.com/4396-1/","reference_id":"USN-4396-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4396-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101718?format=json","purl":"pkg:deb/debian/libexif@0.6.21-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-13113"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phh9-yvjg-nygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7111?format=json","vulnerability_id":"VCID-senj-exhy-uuek","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0198.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0198.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0198","reference_id":"","reference_type":"","scores":[{"value":"0.12017","scoring_system":"epss","scoring_elements":"0.93913","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12017","scoring_system":"epss","scoring_elements":"0.93922","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0198"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847133","reference_id":"1847133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847133"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345","reference_id":"962345","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345"},{"reference_url":"https://security.archlinux.org/AVG-2376","reference_id":"AVG-2376","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2376"},{"reference_url":"https://security.gentoo.org/glsa/202011-19","reference_id":"GLSA-202011-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4766","reference_id":"RHSA-2020:4766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4766"},{"reference_url":"https://usn.ubuntu.com/4396-1/","reference_id":"USN-4396-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4396-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101716?format=json","purl":"pkg:deb/debian/libexif@0.6.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2020-0198"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-senj-exhy-uuek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75989?format=json","vulnerability_id":"VCID-v2pe-r74z-fucm","summary":"The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2813.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2813","reference_id":"","reference_type":"","scores":[{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76518","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76548","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454","reference_id":"681454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839182","reference_id":"839182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839182"},{"reference_url":"https://security.gentoo.org/glsa/201401-10","reference_id":"GLSA-201401-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1255","reference_id":"RHSA-2012:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1255"},{"reference_url":"https://usn.ubuntu.com/1513-1/","reference_id":"USN-1513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1513-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101709?format=json","purl":"pkg:deb/debian/libexif@0.6.20-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.20-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2813"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2pe-r74z-fucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75983?format=json","vulnerability_id":"VCID-whjm-923v-xyah","summary":"Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4168.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4168","reference_id":"","reference_type":"","scores":[{"value":"0.07543","scoring_system":"epss","scoring_elements":"0.91964","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07543","scoring_system":"epss","scoring_elements":"0.91977","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=243888","reference_id":"243888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=243888"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430012","reference_id":"430012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430012"},{"reference_url":"https://security.gentoo.org/glsa/200706-09","reference_id":"GLSA-200706-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200706-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0501","reference_id":"RHSA-2007:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0501"},{"reference_url":"https://usn.ubuntu.com/478-1/","reference_id":"USN-478-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/478-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101702?format=json","purl":"pkg:deb/debian/libexif@0.6.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2006-4168"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whjm-923v-xyah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75984?format=json","vulnerability_id":"VCID-xd62-ke4z-v3hp","summary":"Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2645.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2645.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2645","reference_id":"","reference_type":"","scores":[{"value":"0.3209","scoring_system":"epss","scoring_elements":"0.96918","published_at":"2026-06-04T12:55:00Z"},{"value":"0.3209","scoring_system":"epss","scoring_elements":"0.96923","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=240055","reference_id":"240055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=240055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424775","reference_id":"424775","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424775"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30024.txt","reference_id":"CVE-2007-2645;OSVDB-35978","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30024.txt"},{"reference_url":"https://www.securityfocus.com/bid/23927/info","reference_id":"CVE-2007-2645;OSVDB-35978","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23927/info"},{"reference_url":"https://security.gentoo.org/glsa/200706-01","reference_id":"GLSA-200706-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200706-01"},{"reference_url":"https://usn.ubuntu.com/471-1/","reference_id":"USN-471-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/471-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101705?format=json","purl":"pkg:deb/debian/libexif@0.6.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2007-2645"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xd62-ke4z-v3hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5863?format=json","vulnerability_id":"VCID-zudh-dpue-3qba","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6328.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6328.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6328","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.6896","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1366239","reference_id":"1366239","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1366239"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873022","reference_id":"873022","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873022"},{"reference_url":"https://security.archlinux.org/AVG-1166","reference_id":"AVG-1166","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1166"},{"reference_url":"https://security.gentoo.org/glsa/202007-05","reference_id":"GLSA-202007-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-05"},{"reference_url":"https://usn.ubuntu.com/4277-1/","reference_id":"USN-4277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4277-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101711?format=json","purl":"pkg:deb/debian/libexif@0.6.21-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.21-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101698?format=json","purl":"pkg:deb/debian/libexif@0.6.22-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.22-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101696?format=json","purl":"pkg:deb/debian/libexif@0.6.24-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.24-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101701?format=json","purl":"pkg:deb/debian/libexif@0.6.25-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101699?format=json","purl":"pkg:deb/debian/libexif@0.6.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.26-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6328"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zudh-dpue-3qba"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libexif@0.6.25-1%252Bdeb13u1%3Fdistro=trixie"}