{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","type":"deb","namespace":"debian","name":"gimp","version":"2.10.34-1+deb12u5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.10.34-1+deb12u10","latest_non_vulnerable_version":"3.0.4-3+deb13u8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96997?format=json","vulnerability_id":"VCID-1hm4-srhz-tqhb","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2046","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2046"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-2046"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hm4-srhz-tqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267402?format=json","vulnerability_id":"VCID-9v2z-2myu-bfd3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4154.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4154.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4154","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19603","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19651","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20952","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20973","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2069","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20786","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20819","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20822","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4154"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457530","reference_id":"2457530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457530"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/2e7ed91793792d9e980b2df4c829e9aa60459253","reference_id":"2e7ed91793792d9e980b2df4c829e9aa60459253","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:06Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/2e7ed91793792d9e980b2df4c829e9aa60459253"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-221/","reference_id":"ZDI-26-221","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:06Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-221/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4154"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v2z-2myu-bfd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351414?format=json","vulnerability_id":"VCID-d967-53mv-13b6","summary":"GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4152","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09897","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09931","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.0989","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09772","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09855","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18106","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18012","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17954","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1934","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457533","reference_id":"2457533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457533"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e","reference_id":"f64c9c23ba3c37dc7b875a9fb477c23953b4666e","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-219/","reference_id":"ZDI-26-219","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-219/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4152"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-53mv-13b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267399?format=json","vulnerability_id":"VCID-dkmg-nu4f-xbay","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4150","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10835","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10892","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1096","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19603","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19651","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20973","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10","reference_id":"00afdabdadeb5457fd897878b1e5aebc3780af10","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457535","reference_id":"2457535","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457535"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-217/","reference_id":"ZDI-26-217","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-217/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4150"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkmg-nu4f-xbay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352161?format=json","vulnerability_id":"VCID-fraw-9hj8-vbhs","summary":"gimp: GIMP: Heap buffer overflow due to integer overflow in FITS image loader","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40915.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40915.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40915","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04085","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05805","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05816","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06832","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06827","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40915","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40915"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458744","reference_id":"2458744","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:32:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458744"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-40915","reference_id":"CVE-2026-40915","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:32:48Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-40915"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-40915"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fraw-9hj8-vbhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83385?format=json","vulnerability_id":"VCID-gfzg-1hvp-5ugd","summary":"gimp: predictable temporary file name in test-xcf.c unit test","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12713.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12713","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.54942","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55048","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55097","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58923","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5894","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58922","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58938","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58883","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58958","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58962","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/issues/1689","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/gimp/issues/1689"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595819","reference_id":"1595819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595819"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12713","reference_id":"CVE-2018-12713","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"}],"aliases":["CVE-2018-12713"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfzg-1hvp-5ugd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63982?format=json","vulnerability_id":"VCID-hj85-sup9-abft","summary":"gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4887.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4887","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06574","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19482","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.196","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24947","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24992","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25006","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24965","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24911","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24924","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25065","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25103","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24878","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15960","reference_id":"15960","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:58:38Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451669","reference_id":"2451669","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:58:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451669"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4887","reference_id":"CVE-2026-4887","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:58:38Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4887"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4887"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj85-sup9-abft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267401?format=json","vulnerability_id":"VCID-ney7-z8qy-kuce","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4153","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18012","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17954","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18106","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1934","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19096","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19202","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19242","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457536","reference_id":"2457536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457536"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712","reference_id":"98cb1371fd4e22cca75017ea3252dc32fc218712","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-220/","reference_id":"ZDI-26-220","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-220/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4153"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ney7-z8qy-kuce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267400?format=json","vulnerability_id":"VCID-va44-vsem-xuf5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4151.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4151.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4151","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10835","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10892","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1096","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19603","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19651","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20973","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4151"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e","reference_id":"09e5459de913172fc51da3bd6b6adc533acd368e","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:45Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457532","reference_id":"2457532","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457532"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-218/","reference_id":"ZDI-26-218","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:45Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-218/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4151"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-va44-vsem-xuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352166?format=json","vulnerability_id":"VCID-wkrp-v537-x3hy","summary":"gimp: GIMP: Arbitrary code execution or denial of service via buffer overflow in GIF image processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6384.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6384","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01285","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02145","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02104","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01957","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02111","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6384"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458749","reference_id":"2458749","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:31:26Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458749"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-6384","reference_id":"CVE-2026-6384","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:31:26Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-6384"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-6384"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkrp-v537-x3hy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64452?format=json","vulnerability_id":"VCID-1w47-u2aa-8uaj","summary":"gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2045","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15169","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1518","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15051","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14951","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15012","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1505","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15052","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15236","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15129","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1515","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17314","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1745","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2045"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604","reference_id":"1128604","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441522","reference_id":"2441522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441522"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275","reference_id":"68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4173","reference_id":"RHSA-2026:4173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5113","reference_id":"RHSA-2026:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5388","reference_id":"RHSA-2026:5388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5389","reference_id":"RHSA-2026:5389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5390","reference_id":"RHSA-2026:5390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5391","reference_id":"RHSA-2026:5391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5434","reference_id":"RHSA-2026:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5435","reference_id":"RHSA-2026:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5436","reference_id":"RHSA-2026:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5437","reference_id":"RHSA-2026:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5437"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-119/","reference_id":"ZDI-26-119","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-119/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2026-2045"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1w47-u2aa-8uaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96594?format=json","vulnerability_id":"VCID-2k57-pmhe-9uds","summary":"GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2761","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44407","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44705","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44601","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44608","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44528","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44725","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44662","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44734","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44702","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44758","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44751","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44681","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://usn.ubuntu.com/8057-1/","reference_id":"USN-8057-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8057-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-204/","reference_id":"ZDI-25-204","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T18:21:41Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-204/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-2761"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2k57-pmhe-9uds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64643?format=json","vulnerability_id":"VCID-2p8s-2h2y-aqg4","summary":"gimp: GIMP: Denial of service via crafted PSP image file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2271.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2271.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2271","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15659","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27972","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27924","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27906","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27864","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27903","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.2797","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33972","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2271"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127841","reference_id":"1127841","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127841"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15732","reference_id":"15732","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15732"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438429","reference_id":"2438429","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438429"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2271","reference_id":"CVE-2026-2271","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2271"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2026-2271"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p8s-2h2y-aqg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64891?format=json","vulnerability_id":"VCID-2yr2-zppt-47eq","summary":"gimp: heap-based buffer overflow via specially crafted PSP file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15059.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15059","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12733","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12835","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12838","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1296","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13125","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12927","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13058","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1302","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1298","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12934","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15059","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15059"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e","reference_id":"03575ac8cbb0ef3103b0a15d6598475088dcc15e","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T19:49:18Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267","reference_id":"1126267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432296","reference_id":"2432296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2707","reference_id":"RHSA-2026:2707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2930","reference_id":"RHSA-2026:2930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2950","reference_id":"RHSA-2026:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2953","reference_id":"RHSA-2026:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2969","reference_id":"RHSA-2026:2969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2969"},{"reference_url":"https://usn.ubuntu.com/8057-1/","reference_id":"USN-8057-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8057-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-1196/","reference_id":"ZDI-25-1196","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T19:49:18Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-1196/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-15059"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2yr2-zppt-47eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62047?format=json","vulnerability_id":"VCID-3sqk-cbwn-tqa7","summary":"Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32990.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32990","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32677","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32581","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32607","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32609","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32571","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32559","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32528","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32358","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32243","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32157","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32016","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32990"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103202","reference_id":"2103202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103202"},{"reference_url":"https://security.gentoo.org/glsa/202501-02","reference_id":"GLSA-202501-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7978","reference_id":"RHSA-2022:7978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7978"},{"reference_url":"https://usn.ubuntu.com/6521-1/","reference_id":"USN-6521-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6521-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2022-32990"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sqk-cbwn-tqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96592?format=json","vulnerability_id":"VCID-81y4-4cxp-bybu","summary":"GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2760","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63754","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63674","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63726","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63757","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.637","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.6366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63712","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63729","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63743","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63728","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63695","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.6373","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.6374","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758","reference_id":"1107758","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758"},{"reference_url":"https://usn.ubuntu.com/8075-1/","reference_id":"USN-8075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8075-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-203/","reference_id":"ZDI-25-203","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T18:26:53Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-203/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-2760"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81y4-4cxp-bybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69459?format=json","vulnerability_id":"VCID-99yx-7yr3-dfht","summary":"gimp: GIMP ICO File Parsing Integer Overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5473.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5473","reference_id":"","reference_type":"","scores":[{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81894","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.82046","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81986","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.82011","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.82022","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.82027","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81917","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81939","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81947","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.81956","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.8195","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5473"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105005","reference_id":"1105005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370867","reference_id":"2370867","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370867"},{"reference_url":"https://www.gimp.org/news/2025/05/18/gimp-3-0-4-released/#general-bugfixes","reference_id":"#general-bugfixes","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T16:48:26Z/"}],"url":"https://www.gimp.org/news/2025/05/18/gimp-3-0-4-released/#general-bugfixes"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9162","reference_id":"RHSA-2025:9162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9165","reference_id":"RHSA-2025:9165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9308","reference_id":"RHSA-2025:9308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9309","reference_id":"RHSA-2025:9309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9310","reference_id":"RHSA-2025:9310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9314","reference_id":"RHSA-2025:9314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9315","reference_id":"RHSA-2025:9315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9316","reference_id":"RHSA-2025:9316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9501","reference_id":"RHSA-2025:9501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9569","reference_id":"RHSA-2025:9569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9569"},{"reference_url":"https://usn.ubuntu.com/8082-1/","reference_id":"USN-8082-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8082-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-321/","reference_id":"ZDI-25-321","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T16:48:26Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-321/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-5473"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99yx-7yr3-dfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69446?format=json","vulnerability_id":"VCID-bhsc-qy1f-27dj","summary":"gimp: Gimp Integer Overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6035","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02243","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02242","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10482","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1046","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10329","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10291","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10301","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10485","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12887","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1277","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12875","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1291","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/13518","reference_id":"13518","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/13518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372515","reference_id":"2372515","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372515"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-6035","reference_id":"CVE-2025-6035","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-6035"},{"reference_url":"https://usn.ubuntu.com/8082-1/","reference_id":"USN-8082-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8082-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-6035"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhsc-qy1f-27dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351414?format=json","vulnerability_id":"VCID-d967-53mv-13b6","summary":"GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4152","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09897","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09931","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.0989","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09772","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09855","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18106","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18012","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17954","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1934","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457533","reference_id":"2457533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457533"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e","reference_id":"f64c9c23ba3c37dc7b875a9fb477c23953b4666e","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-219/","reference_id":"ZDI-26-219","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-219/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4152"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-53mv-13b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62046?format=json","vulnerability_id":"VCID-dav9-9ar6-gkbn","summary":"Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30067.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30067","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.29029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.29079","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28888","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28956","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28998","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.29002","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28958","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28908","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28932","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28861","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28743","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28631","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28562","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28404","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30067"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30067","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30067"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087591","reference_id":"2087591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087591"},{"reference_url":"https://security.gentoo.org/glsa/202501-02","reference_id":"GLSA-202501-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7978","reference_id":"RHSA-2022:7978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7978"},{"reference_url":"https://usn.ubuntu.com/6521-1/","reference_id":"USN-6521-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6521-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2022-30067"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dav9-9ar6-gkbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267399?format=json","vulnerability_id":"VCID-dkmg-nu4f-xbay","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4150","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10835","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10892","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1096","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19603","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19651","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20973","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10","reference_id":"00afdabdadeb5457fd897878b1e5aebc3780af10","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457535","reference_id":"2457535","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457535"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-217/","reference_id":"ZDI-26-217","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-217/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4150"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkmg-nu4f-xbay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69509?format=json","vulnerability_id":"VCID-dtpr-ndvm-5udg","summary":"gimp: Multiple heap buffer overflows in TGA parser","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48797.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48797","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23882","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24168","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24045","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24033","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24228","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24271","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24288","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24245","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24188","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24204","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24191","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/11822","reference_id":"11822","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/11822"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368558","reference_id":"2368558","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368558"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-48797","reference_id":"CVE-2025-48797","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-48797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9162","reference_id":"RHSA-2025:9162","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9165","reference_id":"RHSA-2025:9165","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9308","reference_id":"RHSA-2025:9308","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9309","reference_id":"RHSA-2025:9309","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9310","reference_id":"RHSA-2025:9310","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9314","reference_id":"RHSA-2025:9314","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9315","reference_id":"RHSA-2025:9315","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9316","reference_id":"RHSA-2025:9316","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9501","reference_id":"RHSA-2025:9501","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9569","reference_id":"RHSA-2025:9569","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9569"},{"reference_url":"https://usn.ubuntu.com/8075-1/","reference_id":"USN-8075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8075-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-48797"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtpr-ndvm-5udg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66658?format=json","vulnerability_id":"VCID-gdxp-wy9y-m3h1","summary":"gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10922","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23186","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23142","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25521","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25772","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25744","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25689","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2568","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25632","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25821","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25873","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25883","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25842","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25786","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25789","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459","reference_id":"1116459","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407188","reference_id":"2407188","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407188"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4","reference_id":"3d909166463731e94dfe62042d76225ecfc4c1e4","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21968","reference_id":"RHSA-2025:21968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22417","reference_id":"RHSA-2025:22417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22445","reference_id":"RHSA-2025:22445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22496","reference_id":"RHSA-2025:22496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22497","reference_id":"RHSA-2025:22497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22498","reference_id":"RHSA-2025:22498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22866","reference_id":"RHSA-2025:22866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23857","reference_id":"RHSA-2025:23857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0027","reference_id":"RHSA-2026:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0250","reference_id":"RHSA-2026:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0356","reference_id":"RHSA-2026:0356","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0356"},{"reference_url":"https://usn.ubuntu.com/8057-1/","reference_id":"USN-8057-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8057-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-911/","reference_id":"ZDI-25-911","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-911/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-10922"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdxp-wy9y-m3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65827?format=json","vulnerability_id":"VCID-hrab-t25s-5ybg","summary":"gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14425.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14425","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2873","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28601","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28551","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28571","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28546","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28498","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35099","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34977","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35201","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35178","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424767","reference_id":"2424767","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424767"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd","reference_id":"cd1c88a0364ad1444c06536731972a99bd8643fd","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-02T14:03:55Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0914","reference_id":"RHSA-2026:0914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1511","reference_id":"RHSA-2026:1511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1585","reference_id":"RHSA-2026:1585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1586","reference_id":"RHSA-2026:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1587","reference_id":"RHSA-2026:1587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1587"},{"reference_url":"https://usn.ubuntu.com/8057-1/","reference_id":"USN-8057-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8057-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-1139/","reference_id":"ZDI-25-1139","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-02T14:03:55Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-1139/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-14425"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrab-t25s-5ybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64455?format=json","vulnerability_id":"VCID-jy45-8uuz-y7bf","summary":"gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0797","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1109","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11061","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11039","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10893","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10903","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1102","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10932","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11138","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11036","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11093","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12733","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12822","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601","reference_id":"1128601","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441524","reference_id":"2441524","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441524"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c","reference_id":"69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4173","reference_id":"RHSA-2026:4173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5113","reference_id":"RHSA-2026:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5388","reference_id":"RHSA-2026:5388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5389","reference_id":"RHSA-2026:5389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5390","reference_id":"RHSA-2026:5390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5391","reference_id":"RHSA-2026:5391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5434","reference_id":"RHSA-2026:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5435","reference_id":"RHSA-2026:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5436","reference_id":"RHSA-2026:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5437","reference_id":"RHSA-2026:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5437"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-050/","reference_id":"ZDI-26-050","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-050/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2026-0797"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jy45-8uuz-y7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69508?format=json","vulnerability_id":"VCID-krn9-65fh-sqgq","summary":"gimp: Multiple use after free in XCF parser","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48798.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48798","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23882","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24191","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24168","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24045","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24033","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24228","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24271","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24288","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24245","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24188","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24204","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/11822","reference_id":"11822","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/11822"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368557","reference_id":"2368557","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368557"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-48798","reference_id":"CVE-2025-48798","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-48798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9162","reference_id":"RHSA-2025:9162","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9165","reference_id":"RHSA-2025:9165","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9308","reference_id":"RHSA-2025:9308","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9309","reference_id":"RHSA-2025:9309","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9310","reference_id":"RHSA-2025:9310","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9314","reference_id":"RHSA-2025:9314","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9315","reference_id":"RHSA-2025:9315","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9316","reference_id":"RHSA-2025:9316","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9501","reference_id":"RHSA-2025:9501","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9569","reference_id":"RHSA-2025:9569","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9569"},{"reference_url":"https://usn.ubuntu.com/8075-1/","reference_id":"USN-8075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8075-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-48798"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krn9-65fh-sqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267401?format=json","vulnerability_id":"VCID-ney7-z8qy-kuce","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4153","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18012","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17954","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18106","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1934","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19096","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19202","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19242","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457536","reference_id":"2457536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457536"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712","reference_id":"98cb1371fd4e22cca75017ea3252dc32fc218712","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-220/","reference_id":"ZDI-26-220","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-220/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026171?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068122?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10"},{"url":"http://public2.vulnerablecode.io/api/packages/1068117?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/994911?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1"}],"aliases":["CVE-2026-4153"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ney7-z8qy-kuce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64670?format=json","vulnerability_id":"VCID-qsyr-7tn1-uyhv","summary":"gimp: GIMP: Application crash (DoS) via crafted PSD file due to heap-buffer-overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2239.json","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2239.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2239","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06024","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06035","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06157","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06172","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05999","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05985","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06043","published_at":"2026-04-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0087","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2239"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2239","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2239"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127838","reference_id":"1127838","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127838"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15812","reference_id":"15812","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15812"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437675","reference_id":"2437675","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437675"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2239","reference_id":"CVE-2026-2239","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2239"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2026-2239"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsyr-7tn1-uyhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64450?format=json","vulnerability_id":"VCID-rraw-1e9t-x3f3","summary":"gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2048","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14649","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14569","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14401","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14474","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14505","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14691","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14502","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14591","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14608","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16736","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1687","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606","reference_id":"1128606","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441527","reference_id":"2441527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441527"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341","reference_id":"diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4173","reference_id":"RHSA-2026:4173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5113","reference_id":"RHSA-2026:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5388","reference_id":"RHSA-2026:5388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5389","reference_id":"RHSA-2026:5389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5390","reference_id":"RHSA-2026:5390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5391","reference_id":"RHSA-2026:5391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5434","reference_id":"RHSA-2026:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5435","reference_id":"RHSA-2026:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5436","reference_id":"RHSA-2026:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5437","reference_id":"RHSA-2026:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5437"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-121/","reference_id":"ZDI-26-121","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-121/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2026-2048"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rraw-1e9t-x3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65830?format=json","vulnerability_id":"VCID-tth9-nncy-5qap","summary":"gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14422.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14422","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3019","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30277","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30094","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3015","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30115","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30097","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30052","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36878","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36762","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36965","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424766","reference_id":"2424766","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424766"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb","reference_id":"4ff2d773d58064e6130495de498e440f4a6d5edb","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-01T04:55:23Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0914","reference_id":"RHSA-2026:0914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1511","reference_id":"RHSA-2026:1511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1574","reference_id":"RHSA-2026:1574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1584","reference_id":"RHSA-2026:1584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1585","reference_id":"RHSA-2026:1585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1586","reference_id":"RHSA-2026:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1587","reference_id":"RHSA-2026:1587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1588","reference_id":"RHSA-2026:1588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1589","reference_id":"RHSA-2026:1589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1590","reference_id":"RHSA-2026:1590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1591","reference_id":"RHSA-2026:1591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1591"},{"reference_url":"https://usn.ubuntu.com/8075-1/","reference_id":"USN-8075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8075-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-1136/","reference_id":"ZDI-25-1136","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-01T04:55:23Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-1136/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-14422"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tth9-nncy-5qap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64453?format=json","vulnerability_id":"VCID-ubet-venh-tqct","summary":"gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2044","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11764","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11736","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11573","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11699","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11658","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11618","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11836","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11624","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11709","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13483","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13574","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441521","reference_id":"2441521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441521"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365","reference_id":"diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4173","reference_id":"RHSA-2026:4173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5113","reference_id":"RHSA-2026:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5388","reference_id":"RHSA-2026:5388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5389","reference_id":"RHSA-2026:5389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5390","reference_id":"RHSA-2026:5390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5391","reference_id":"RHSA-2026:5391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5434","reference_id":"RHSA-2026:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5435","reference_id":"RHSA-2026:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5436","reference_id":"RHSA-2026:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5437","reference_id":"RHSA-2026:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5437"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-118/","reference_id":"ZDI-26-118","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-118/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2026-2044"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubet-venh-tqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64642?format=json","vulnerability_id":"VCID-uujf-3fhp-8fgg","summary":"gimp: GIMP: Memory corruption due to integer overflow in ICO file handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2272.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2272.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2272","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0794","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07972","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24115","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24129","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24253","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24243","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24309","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24352","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2437","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24328","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24271","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24288","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24729","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2272"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127842","reference_id":"1127842","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127842"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15617","reference_id":"15617","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15617"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438428","reference_id":"2438428","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438428"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2272","reference_id":"CVE-2026-2272","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2026-2272"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uujf-3fhp-8fgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47242?format=json","vulnerability_id":"VCID-z2up-g7ms-gfg2","summary":"A vulnerability has been discovered in GIMP, which can lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10934.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10934.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10934","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18293","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18241","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17996","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20804","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21091","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2107","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20942","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20945","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20913","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21174","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21142","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2109","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21081","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661","reference_id":"1119661","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407233","reference_id":"2407233","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407233"},{"reference_url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c","reference_id":"5c3e2122d53869599d77ef0f1bdece117b24fd7c","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:07Z/"}],"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c"},{"reference_url":"https://security.gentoo.org/glsa/202601-03","reference_id":"GLSA-202601-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21968","reference_id":"RHSA-2025:21968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22417","reference_id":"RHSA-2025:22417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22445","reference_id":"RHSA-2025:22445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22496","reference_id":"RHSA-2025:22496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22497","reference_id":"RHSA-2025:22497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22498","reference_id":"RHSA-2025:22498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22866","reference_id":"RHSA-2025:22866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23857","reference_id":"RHSA-2025:23857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0027","reference_id":"RHSA-2026:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0250","reference_id":"RHSA-2026:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0356","reference_id":"RHSA-2026:0356","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0356"},{"reference_url":"https://usn.ubuntu.com/8075-1/","reference_id":"USN-8075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8075-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-25-978/","reference_id":"ZDI-25-978","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:07Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-978/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026170?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hm4-srhz-tqhb"},{"vulnerability":"VCID-9v2z-2myu-bfd3"},{"vulnerability":"VCID-d967-53mv-13b6"},{"vulnerability":"VCID-dkmg-nu4f-xbay"},{"vulnerability":"VCID-fraw-9hj8-vbhs"},{"vulnerability":"VCID-gfzg-1hvp-5ugd"},{"vulnerability":"VCID-hj85-sup9-abft"},{"vulnerability":"VCID-ney7-z8qy-kuce"},{"vulnerability":"VCID-va44-vsem-xuf5"},{"vulnerability":"VCID-wkrp-v537-x3hy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}],"aliases":["CVE-2025-10934"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2up-g7ms-gfg2"}],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5"}