Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037853?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "type": "deb", "namespace": "debian", "name": "tiff", "version": "4.1.0+git191117-2~deb10u4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.0-6+deb12u4", "latest_non_vulnerable_version": "4.7.1-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19276?format=api", "vulnerability_id": "VCID-15g8-3ryu-h3ga", "summary": "Integer Overflow or Wraparound\nA vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41175.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51687", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51675", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51655", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51606", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51612", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51572", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51516", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51565", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51609", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.5157", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51599", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51679", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56815", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56828", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56784", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56787", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56764", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56816", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.5682", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-41175", "reference_id": "CVE-2023-41175", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-41175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41175", "reference_id": "CVE-2023-41175", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2289", "reference_id": "RHSA-2024:2289", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-41175" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15g8-3ryu-h3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14383?format=api", "vulnerability_id": "VCID-1mh3-q3y5-qyg1", "summary": "Out-of-bounds Read\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28448", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2799", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27895", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27969", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28542", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28585", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28495", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28497", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28454", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28405", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28398", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28345", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28219", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28107", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28028", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27869", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27933", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27959", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27874", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/410" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084269", "reference_id": "2084269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084269" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1622", "reference_id": "CVE-2022-1622", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1622" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json", "reference_id": "CVE-2022-1622.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-1622" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mh3-q3y5-qyg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74691?format=api", "vulnerability_id": "VCID-1nme-2pjx-q7hp", "summary": "libtiff: NULL pointer dereference in tif_dirinfo.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7006.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7006.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66208", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66084", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66082", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.6606", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66105", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66148", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66119", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.6614", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66197", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67672", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67638", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67673", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67685", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67664", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67684", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70115", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70076", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70036", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70051", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078648", "reference_id": "1078648", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302996", "reference_id": "2302996", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302996" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7006", "reference_id": "CVE-2024-7006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6360", "reference_id": "RHSA-2024:6360", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8833", "reference_id": "RHSA-2024:8833", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8914", "reference_id": "RHSA-2024:8914", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8914" }, { "reference_url": "https://usn.ubuntu.com/6997-1/", "reference_id": "USN-6997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6997-1/" }, { "reference_url": "https://usn.ubuntu.com/6997-2/", "reference_id": "USN-6997-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6997-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2024-7006" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nme-2pjx-q7hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13265?format=api", "vulnerability_id": "VCID-25fx-7kmb-fqhm", "summary": "Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18072", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18222", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18128", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18084", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17999", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17922", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17775", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17867", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18082", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18837", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1893", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18933", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18829", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18797", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24564", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24601", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/278" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "reference_id": "2064148", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064148" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924", "reference_id": "CVE-2022-0924", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json", "reference_id": "CVE-2022-0924.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0924" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18009?format=api", "vulnerability_id": "VCID-2ds7-xq64-9ue2", "summary": "NULL Pointer Dereference\nA NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05658", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05735", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0569", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0573", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05757", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05721", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06254", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06282", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06396", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06471", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06483", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06494", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06263", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06513", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06518", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0606", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06208", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06223", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/" } ], "url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216080", "reference_id": "2216080", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216080" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/468", "reference_id": "468", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/468" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/515", "reference_id": "515", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/515" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3316", "reference_id": "CVE-2023-3316", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3316" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6575", "reference_id": "RHSA-2023:6575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6575" }, { "reference_url": "https://usn.ubuntu.com/6229-1/", "reference_id": "USN-6229-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6229-1/" }, { "reference_url": "https://usn.ubuntu.com/6290-1/", "reference_id": "USN-6290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2023-3316" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ds7-xq64-9ue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16438?format=api", "vulnerability_id": "VCID-2u8w-cy3j-9fen", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07234", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07568", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07365", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07329", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07302", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07466", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07534", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07517", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07533", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07569", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07256", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/496", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/496" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170167", "reference_id": "2170167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170167" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0800", "reference_id": "CVE-2023-0800", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0800" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json", "reference_id": "CVE-2023-0800.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0002/", "reference_id": "ntap-20230316-0002", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5353", "reference_id": "RHSA-2023:5353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5353" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0800" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8w-cy3j-9fen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19277?format=api", "vulnerability_id": "VCID-3wfj-nc9t-xfgp", "summary": "Integer Overflow or Wraparound\nLibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51516", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51434", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5144", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51401", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51345", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51395", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51438", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51398", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51426", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51505", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51503", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51481", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56653", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56683", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56688", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56671", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.5665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56681", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-40745", "reference_id": "CVE-2023-40745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-40745" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40745", "reference_id": "CVE-2023-40745", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2289", "reference_id": "RHSA-2024:2289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2289" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-40745" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wfj-nc9t-xfgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79310?format=api", "vulnerability_id": "VCID-44ee-ueju-ykae", "summary": "libtiff: division by zero issues in tiffcrop", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25714", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25664", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25592", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25609", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25687", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25904", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25805", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25808", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25763", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25699", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25652", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25539", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25604", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27786", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27824", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/427" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494", "reference_id": "1014494", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "reference_id": "2103222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103222" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2057", "reference_id": "CVE-2022-2057", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2057" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json", "reference_id": "CVE-2022-2057.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0302", "reference_id": "RHSA-2023:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0302" }, { "reference_url": "https://usn.ubuntu.com/5619-1/", "reference_id": "USN-5619-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5619-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2057" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44ee-ueju-ykae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16452?format=api", "vulnerability_id": "VCID-44zu-mtmq-57cm", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07234", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07568", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07365", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07329", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07302", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07466", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07534", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07517", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07533", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07569", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07256", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/498" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170172", "reference_id": "2170172", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170172" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0801", "reference_id": "CVE-2023-0801", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0801" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json", "reference_id": "CVE-2023-0801.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0002/", "reference_id": "ntap-20230316-0002", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5353", "reference_id": "RHSA-2023:5353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5353" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0801" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44zu-mtmq-57cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79411?format=api", "vulnerability_id": "VCID-48tr-y71p-7fbb", "summary": "libtiff: Assertion fail in rotateImage() function at tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1799", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17866", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17986", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18256", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17957", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18043", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18104", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1807", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17962", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17973", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18005", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17911", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17887", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17852", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17708", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17802", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17904", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/424" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670", "reference_id": "1024670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", "reference_id": "2122792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2520", "reference_id": "CVE-2022-2520", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0302", "reference_id": "RHSA-2023:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0302" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2520" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48tr-y71p-7fbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16434?format=api", "vulnerability_id": "VCID-4egk-vvjq-dyhw", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02005", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02006", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0203", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01999", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01995", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02039", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02067", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02016", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02007", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02031", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02032", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02015", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/493", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/493" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170119", "reference_id": "2170119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170119" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0795", "reference_id": "CVE-2023-0795", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0795" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json", "reference_id": "CVE-2023-0795.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0003/", "reference_id": "ntap-20230316-0003", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0795" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4egk-vvjq-dyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13252?format=api", "vulnerability_id": "VCID-4mq7-s2p6-yufr", "summary": "Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42924", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42816", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42701", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4273", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43015", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42952", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43002", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43036", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42985", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43045", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43033", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42901", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4282", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42681", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42757", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42773", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/392" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064143", "reference_id": "2064143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064143" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907", "reference_id": "CVE-2022-0907", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json", "reference_id": "CVE-2022-0907.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0907" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16450?format=api", "vulnerability_id": "VCID-4pys-mah6-hfh6", "summary": "Use After Free\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02715", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02929", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0276", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02731", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02692", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02702", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02794", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02852", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02823", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02839", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02873", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02883", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02885", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02916", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02737", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0274", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/494", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/494" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170162", "reference_id": "2170162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0799", "reference_id": "CVE-2023-0799", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0799" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json", "reference_id": "CVE-2023-0799.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0003/", "reference_id": "ntap-20230316-0003", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0799" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4pys-mah6-hfh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79413?format=api", "vulnerability_id": "VCID-4srx-3gbk-eqd3", "summary": "libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11006", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10876", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10952", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11009", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10977", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10954", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11401", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11665", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11505", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11632", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11588", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11548", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11479", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11537", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11556", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11597", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11653", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12237", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12191", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555", "reference_id": "1022555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142741", "reference_id": "2142741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142741" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", "reference_id": "236b7191f04c60d09ee836ae13b50f812c841047", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/426", "reference_id": "426", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/426" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3626", "reference_id": "CVE-2022-3626", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3626" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json", "reference_id": "CVE-2022-3626.json", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230110-0001/", "reference_id": "ntap-20230110-0001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230110-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-3626" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4srx-3gbk-eqd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12870?format=api", "vulnerability_id": "VCID-5mak-1mkk-wkdg", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1843", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18145", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18234", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18334", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.183", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18329", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18423", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18505", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18404", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1844", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18326", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18283", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27915", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "reference_id": "2054494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054494" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561", "reference_id": "CVE-2022-0561", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json", "reference_id": "CVE-2022-0561.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0561" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59341?format=api", "vulnerability_id": "VCID-6cry-skqu-zke9", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13085", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1326", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1306", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13193", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13162", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13123", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12976", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13073", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13035", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1293", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12847", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12999", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13077", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13064", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1309", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13164", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13174", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932037", "reference_id": "1932037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932037" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35522", "reference_id": "CVE-2020-35522", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35522" }, { "reference_url": "https://security.gentoo.org/glsa/202104-06", "reference_id": "GLSA-202104-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4241", "reference_id": "RHSA-2021:4241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4241" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-35522" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cry-skqu-zke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18129?format=api", "vulnerability_id": "VCID-6dt6-ppka-b3ct", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07274", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07301", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07297", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07198", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07323", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07282", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08031", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08544", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08602", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08519", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08366", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08318", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0846", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08611", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08398", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/530", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/530" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/473", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/473" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218749", "reference_id": "2218749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218749" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26966", "reference_id": "CVE-2023-26966", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26966" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6575", "reference_id": "RHSA-2023:6575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6575" }, { "reference_url": "https://usn.ubuntu.com/6229-1/", "reference_id": "USN-6229-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6229-1/" }, { "reference_url": "https://usn.ubuntu.com/6290-1/", "reference_id": "USN-6290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2023-26966" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dt6-ppka-b3ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79860?format=api", "vulnerability_id": "VCID-6kck-g3z6-cuge", "summary": "libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03677", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03614", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03616", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03622", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03661", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03512", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03536", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03462", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03437", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03412", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03423", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03542", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03549", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03555", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03602", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03559", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03578", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0743", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07472", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", "reference_id": "2118847", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118847" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2867", "reference_id": "CVE-2022-2867", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://usn.ubuntu.com/5604-1/", "reference_id": "USN-5604-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5604-1/" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2867" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kck-g3z6-cuge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59342?format=api", "vulnerability_id": "VCID-6sb9-u71x-j7f5", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45417", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45357", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45301", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45324", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.454", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4547", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45527", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45546", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45516", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45521", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45569", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45566", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45431", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4544", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45379", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45274", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45339", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50287", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50218", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040", "reference_id": "1932040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35523", "reference_id": "CVE-2020-35523", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35523" }, { "reference_url": "https://security.gentoo.org/glsa/202104-06", "reference_id": "GLSA-202104-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4241", "reference_id": "RHSA-2021:4241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4241" }, { "reference_url": "https://usn.ubuntu.com/4755-1/", "reference_id": "USN-4755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4755-1/" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-35523" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6sb9-u71x-j7f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59340?format=api", "vulnerability_id": "VCID-6sx9-1yfw-63cg", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35521", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22174", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22082", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2205", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22072", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22156", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22267", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22321", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22341", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22241", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22245", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2224", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22193", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22052", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22039", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22025", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.21928", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22002", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30312", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3036", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30283", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932034", "reference_id": "1932034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932034" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35521", "reference_id": "CVE-2020-35521", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35521" }, { "reference_url": "https://security.gentoo.org/glsa/202104-06", "reference_id": "GLSA-202104-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4241", "reference_id": "RHSA-2021:4241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4241" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-35521" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6sx9-1yfw-63cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79575?format=api", "vulnerability_id": "VCID-6wzx-7a3m-ufhm", "summary": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07556", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07614", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07633", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07992", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08221", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08276", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08278", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08007", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0815", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0821", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08143", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08011", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08043", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08071", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08107", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08193", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0836", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08413", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555", "reference_id": "1022555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142742", "reference_id": "2142742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142742" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", "reference_id": "236b7191f04c60d09ee836ae13b50f812c841047", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/411", "reference_id": "411", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/411" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3627", "reference_id": "CVE-2022-3627", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3627" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json", "reference_id": "CVE-2022-3627.json", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230110-0001/", "reference_id": "ntap-20230110-0001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230110-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2883", "reference_id": "RHSA-2023:2883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2883" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-3627" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wzx-7a3m-ufhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14381?format=api", "vulnerability_id": "VCID-72yx-48n1-jbfs", "summary": "Out-of-bounds Read\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55978", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56138", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56047", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56107", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56056", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.5608", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56089", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.5614", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56157", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56133", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56151", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56153", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56806", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56823", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/410" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084260", "reference_id": "2084260", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084260" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1623", "reference_id": "CVE-2022-1623", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1623" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json", "reference_id": "CVE-2022-1623.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-1623" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72yx-48n1-jbfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79410?format=api", "vulnerability_id": "VCID-76g4-kacn-7yg7", "summary": "libtiff: Double free or corruption in rotateImage() function at tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31183", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.311", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3117", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31775", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31819", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31638", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31718", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31722", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31681", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31657", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31625", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31448", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31322", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31241", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31089", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31158", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31166", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31076", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/423" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670", "reference_id": "1024670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", "reference_id": "2122789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2519", "reference_id": "CVE-2022-2519", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0302", "reference_id": "RHSA-2023:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0302" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2519" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76g4-kacn-7yg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79311?format=api", "vulnerability_id": "VCID-8691-q4h3-eyaf", "summary": "libtiff: division by zero issues in tiffcrop", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25714", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25664", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25592", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25609", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25687", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25904", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25805", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25808", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25763", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25699", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25652", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25539", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25604", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27786", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27824", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/428" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494", "reference_id": "1014494", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "reference_id": "2103222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103222" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2058", "reference_id": "CVE-2022-2058", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2058" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json", "reference_id": "CVE-2022-2058.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0302", "reference_id": "RHSA-2023:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0302" }, { "reference_url": "https://usn.ubuntu.com/5619-1/", "reference_id": "USN-5619-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5619-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2058" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8691-q4h3-eyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17669?format=api", "vulnerability_id": "VCID-9gqh-2uat-93c7", "summary": "Out-of-bounds Write\nA vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0605", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05899", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06072", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06102", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06109", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06128", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06229", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06303", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06321", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06328", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06339", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06598", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06671", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06704", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06697", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06688", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06621", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09461", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/463" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-30774", "reference_id": "CVE-2023-30774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-30774" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30774", "reference_id": "CVE-2023-30774", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-30774" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqh-2uat-93c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79412?format=api", "vulnerability_id": "VCID-ap6w-9c6j-akdp", "summary": "libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31183", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.311", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3117", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31775", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31819", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31638", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31718", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31722", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31681", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31657", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31625", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31448", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31322", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31241", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31089", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31158", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31166", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31076", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/422" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670", "reference_id": "1024670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", "reference_id": "2122799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122799" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2521", "reference_id": "CVE-2022-2521", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0302", "reference_id": "RHSA-2023:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0302" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2521" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ap6w-9c6j-akdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40058?format=api", "vulnerability_id": "VCID-as9s-4ugc-ukgy", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11193", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11395", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11188", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11268", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11323", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11329", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11131", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11133", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15747", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16257", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16367", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16261", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17701", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17739", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17817", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17818", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17547", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1764", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17741", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/319", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404", "reference_id": "2074404", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404" }, { "reference_url": "https://security.archlinux.org/AVG-2721", "reference_id": "AVG-2721", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2721" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-1354", "reference_id": "CVE-2022-1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2022-1354" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1354", "reference_id": "CVE-2022-1354", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1354" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5619-1/", "reference_id": "USN-5619-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5619-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-1354" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-as9s-4ugc-ukgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16440?format=api", "vulnerability_id": "VCID-b33v-b6h4-cqfe", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04817", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05122", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04842", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0486", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04858", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04806", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04814", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04959", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04992", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05032", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05021", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05069", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05118", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05124", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/497", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170192", "reference_id": "2170192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170192" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0804", "reference_id": "CVE-2023-0804", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0804" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json", "reference_id": "CVE-2023-0804.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/", "reference_id": "FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230324-0009/", "reference_id": "ntap-20230324-0009", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230324-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5353", "reference_id": "RHSA-2023:5353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5353" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0804" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b33v-b6h4-cqfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68445?format=api", "vulnerability_id": "VCID-b4hb-cxzy-suck", "summary": "libtiff: LibTIFF Null Pointer Dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-13978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10464", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10397", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11395", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11586", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11561", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14469", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.145", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14502", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14397", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16241", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16108", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16223", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16329", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16299", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16332", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16406", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16414", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-13978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323", "reference_id": "1111323", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386059", "reference_id": "2386059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386059" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4", "reference_id": "2ebfffb0e8836bfb1cd7d85c059cd285c59761a4", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/649", "reference_id": "649", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/649" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/667", "reference_id": "667", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/667" }, { "reference_url": "https://vuldb.com/?ctiid.318355", "reference_id": "?ctiid.318355", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/" } ], "url": "https://vuldb.com/?ctiid.318355" }, { "reference_url": "https://vuldb.com/?id.318355", "reference_id": "?id.318355", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/" } ], "url": "https://vuldb.com/?id.318355" }, { "reference_url": "https://vuldb.com/?submit.624562", "reference_id": "?submit.624562", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/" } ], "url": "https://vuldb.com/?submit.624562" }, { "reference_url": "http://www.libtiff.org/", "reference_id": "www.libtiff.org", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/" } ], "url": "http://www.libtiff.org/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994558?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-vju4-pghv-47bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1" } ], "aliases": [ "CVE-2024-13978" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4hb-cxzy-suck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17517?format=api", "vulnerability_id": "VCID-bnbg-7q6h-8uhs", "summary": "Out-of-bounds Write\nBuffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "references": [ { "reference_url": "http://libtiff-release-v4-0-7.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/" } ], "url": "http://libtiff-release-v4-0-7.com" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19793", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19673", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19702", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23524", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23184", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23177", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23073", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23158", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23232", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23561", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23344", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23416", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23467", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23391", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23409", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23403", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23386", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23195", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/538", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/538" }, { "reference_url": "http://tiffcp.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/" } ], "url": "http://tiffcp.com" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203650", "reference_id": "2203650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203650" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30086", "reference_id": "CVE-2023-30086", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30086" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230616-0003/", "reference_id": "ntap-20230616-0003", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230616-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-30086" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnbg-7q6h-8uhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82581?format=api", "vulnerability_id": "VCID-cbhv-yme7-buby", "summary": "libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76586", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76615", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76639", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76666", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76645", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76636", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76677", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.7667", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76701", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76707", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.7672", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76738", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76756", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.7676", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76807", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76822", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003801", "reference_id": "2003801", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003801" }, { "reference_url": "https://usn.ubuntu.com/5084-1/", "reference_id": "USN-5084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-19143" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbhv-yme7-buby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59344?format=api", "vulnerability_id": "VCID-cm5h-b1g9-tkg9", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61505", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61537", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61546", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61567", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61571", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61542", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61558", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61553", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61502", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61552", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.6161", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61572", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.616", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61652", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61667", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044", "reference_id": "1932044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35524", "reference_id": "CVE-2020-35524", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35524" }, { "reference_url": "https://security.gentoo.org/glsa/202104-06", "reference_id": "GLSA-202104-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4241", "reference_id": "RHSA-2021:4241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4241" }, { "reference_url": "https://usn.ubuntu.com/4755-1/", "reference_id": "USN-4755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4755-1/" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-35524" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm5h-b1g9-tkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16432?format=api", "vulnerability_id": "VCID-cw7d-us77-2fhv", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02005", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02006", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0203", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01999", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01995", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02039", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02067", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02016", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02007", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02031", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02032", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02015", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/499", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/499" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170146", "reference_id": "2170146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170146" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0796", "reference_id": "CVE-2023-0796", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0796" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json", "reference_id": "CVE-2023-0796.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0003/", "reference_id": "ntap-20230316-0003", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0796" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cw7d-us77-2fhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17945?format=api", "vulnerability_id": "VCID-cwen-8yyj-x3aw", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43294", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43326", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43323", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4655", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46465", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46556", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46613", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4661", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46557", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46538", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46549", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46498", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46403", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46468", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46488", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46433", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25434" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/519", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:18:44Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/519" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215209", "reference_id": "2215209", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215209" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25434", "reference_id": "CVE-2023-25434", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25434" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-25434" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwen-8yyj-x3aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79628?format=api", "vulnerability_id": "VCID-e6c2-ajs1-abdz", "summary": "libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10852", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10928", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10984", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10952", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11438", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1156", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11616", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11628", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11468", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1147", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11596", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1155", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11511", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11366", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11551", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11501", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11521", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12168", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12214", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555", "reference_id": "1022555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142740", "reference_id": "2142740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142740" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/398", "reference_id": "398", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/398" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3599", "reference_id": "CVE-2022-3599", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3599" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json", "reference_id": "CVE-2022-3599.json", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230110-0001/", "reference_id": "ntap-20230110-0001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230110-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-3599" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6c2-ajs1-abdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13267?format=api", "vulnerability_id": "VCID-gmhp-4yx2-gfbv", "summary": "Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42396", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42226", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42116", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42145", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42215", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42497", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42486", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42495", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42518", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42451", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42476", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42341", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42337", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42254", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4211", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42185", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42201", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/393" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "reference_id": "2064146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064146" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909", "reference_id": "CVE-2022-0909", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json", "reference_id": "CVE-2022-0909.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0909" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13221?format=api", "vulnerability_id": "VCID-h6gn-kv5x-bbd5", "summary": "Out-of-bounds Write\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08287", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08204", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08231", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08285", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08105", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08179", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08041", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08026", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08185", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08139", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08082", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08054", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08023", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08155", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08221", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/380" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "reference_id": "2064411", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064411" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891", "reference_id": "CVE-2022-0891", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json", "reference_id": "CVE-2022-0891.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0891" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78885?format=api", "vulnerability_id": "VCID-jdv4-3mf6-93hm", "summary": "libtiff: integer overflow in function TIFFReadRGBATileExt of the file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26732", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2677", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2679", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26847", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26891", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28727", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29027", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29096", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29209", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28939", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28879", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29854", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29871", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.2985", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29921", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29957", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29945", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737", "reference_id": "1024737", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148918", "reference_id": "2148918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148918" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be", "reference_id": "227500897dfb07fb7d27f7aa570050e62617e3be", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3970", "reference_id": "CVE-2022-3970", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3970" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137", "reference_id": "detail?id=53137", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137" }, { "reference_url": "https://oss-fuzz.com/download?testcase_id=5738253143900160", "reference_id": "download?testcase_id=5738253143900160", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://oss-fuzz.com/download?testcase_id=5738253143900160" }, { "reference_url": "https://support.apple.com/kb/HT213841", "reference_id": "HT213841", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://support.apple.com/kb/HT213841" }, { "reference_url": "https://support.apple.com/kb/HT213843", "reference_id": "HT213843", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://support.apple.com/kb/HT213843" }, { "reference_url": "https://vuldb.com/?id.213549", "reference_id": "?id.213549", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://vuldb.com/?id.213549" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221215-0009/", "reference_id": "ntap-20221215-0009", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221215-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2883", "reference_id": "RHSA-2023:2883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2883" }, { "reference_url": "https://usn.ubuntu.com/5743-1/", "reference_id": "USN-5743-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5743-1/" }, { "reference_url": "https://usn.ubuntu.com/5743-2/", "reference_id": "USN-5743-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5743-2/" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-3970" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdv4-3mf6-93hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16157?format=api", "vulnerability_id": "VCID-ju1t-bhyh-v7du", "summary": "Out-of-bounds Write\nprocessCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01149", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01089", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01082", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01084", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01077", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01153", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0116", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01158", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01157", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01154", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01145", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01141", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01151", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01093", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01099", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01104", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/488", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/488" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5333", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5333" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653", "reference_id": "1029653", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163606", "reference_id": "2163606", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163606" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48281", "reference_id": "CVE-2022-48281", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48281" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230302-0004/", "reference_id": "ntap-20230302-0004", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230302-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3827", "reference_id": "RHSA-2023:3827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3827" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" }, { "reference_url": "https://usn.ubuntu.com/6290-1/", "reference_id": "USN-6290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-48281" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ju1t-bhyh-v7du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18138?format=api", "vulnerability_id": "VCID-k8kt-55y9-qyac", "summary": "NULL Pointer Dereference\nA null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02317", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02312", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02318", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02339", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02321", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02307", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02305", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02289", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0239", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02369", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.029", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0278", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02913", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02838", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0281", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02825", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02858", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02867", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02869", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2908" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2908", "reference_id": "CVE-2023-2908", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2908" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2908", "reference_id": "CVE-2023-2908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2908" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230731-0004/", "reference_id": "ntap-20230731-0004", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230731-0004/" }, { "reference_url": "https://usn.ubuntu.com/6290-1/", "reference_id": "USN-6290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2023-2908" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8kt-55y9-qyac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13250?format=api", "vulnerability_id": "VCID-kpq7-5vsv-pucy", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10543", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10558", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10696", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10703", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10653", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10651", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10569", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10527", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10663", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10609", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10737", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10752", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11372", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11269", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11311", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11302", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11364", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/383" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "reference_id": "2064145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064145" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908", "reference_id": "CVE-2022-0908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json", "reference_id": "CVE-2022-0908.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0908" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12109?format=api", "vulnerability_id": "VCID-mhwh-tsst-cfaj", "summary": "Out-of-bounds Read\nLibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18342", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18217", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18245", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18335", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18569", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18623", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18466", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18367", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18312", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18352", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18253", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18198", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1806", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1815", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18251", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/355" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "reference_id": "2042603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042603" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844", "reference_id": "CVE-2022-22844", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-22844" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67453?format=api", "vulnerability_id": "VCID-n3ta-dm1y-gya5", "summary": "libtiff: Libtiff Write-What-Where", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1073", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10838", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10767", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10784", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10695", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10819", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10876", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10863", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11759", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11566", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11485", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11623", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11674", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11645", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11746", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12031", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784", "reference_id": "2392784", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/704", "reference_id": "704", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/704" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732", "reference_id": "732", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-9900", "reference_id": "CVE-2025-9900", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-9900" }, { "reference_url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file", "reference_id": "LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17651", "reference_id": "RHSA-2025:17651", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:17651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17675", "reference_id": "RHSA-2025:17675", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:17675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17710", "reference_id": "RHSA-2025:17710", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:17710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17738", "reference_id": "RHSA-2025:17738", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:17738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17739", "reference_id": "RHSA-2025:17739", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:17739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17740", "reference_id": "RHSA-2025:17740", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:17740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19113", "reference_id": "RHSA-2025:19113", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19156", "reference_id": "RHSA-2025:19156", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19276", "reference_id": "RHSA-2025:19276", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19906", "reference_id": "RHSA-2025:19906", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19947", "reference_id": "RHSA-2025:19947", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20956", "reference_id": "RHSA-2025:20956", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:20956" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20998", "reference_id": "RHSA-2025:20998", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:20998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21060", "reference_id": "RHSA-2025:21060", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21061", "reference_id": "RHSA-2025:21061", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21062", "reference_id": "RHSA-2025:21062", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21407", "reference_id": "RHSA-2025:21407", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21506", "reference_id": "RHSA-2025:21506", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21507", "reference_id": "RHSA-2025:21507", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21508", "reference_id": "RHSA-2025:21508", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21994", "reference_id": "RHSA-2025:21994", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0001", "reference_id": "RHSA-2026:0001", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0076", "reference_id": "RHSA-2026:0076", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0077", "reference_id": "RHSA-2026:0077", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0078", "reference_id": "RHSA-2026:0078", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7504", "reference_id": "RHSA-2026:7504", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7504" }, { "reference_url": "https://usn.ubuntu.com/7783-1/", "reference_id": "USN-7783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7783-1/" }, { "reference_url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html", "reference_id": "v4.7.1.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/" } ], "url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2025-9900" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3ta-dm1y-gya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17889?format=api", "vulnerability_id": "VCID-ndwc-beev-43ck", "summary": "Out-of-bounds Write\nloadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26965", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00733", "published_at": "2026-04-02T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00726", "published_at": "2026-04-09T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0073", "published_at": "2026-04-04T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00736", "published_at": "2026-04-07T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00845", "published_at": "2026-04-26T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00836", "published_at": "2026-05-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0084", "published_at": "2026-05-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00832", "published_at": "2026-05-15T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00826", "published_at": "2026-05-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00833", "published_at": "2026-05-14T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00846", "published_at": "2026-05-05T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00796", "published_at": "2026-04-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00795", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.008", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00844", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215206", "reference_id": "2215206", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215206" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26965", "reference_id": "CVE-2023-26965", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26965" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0009/", "reference_id": "ntap-20230706-0009", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6575", "reference_id": "RHSA-2023:6575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6575" }, { "reference_url": "https://usn.ubuntu.com/6229-1/", "reference_id": "USN-6229-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6229-1/" }, { "reference_url": "https://usn.ubuntu.com/6290-1/", "reference_id": "USN-6290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2023-26965" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwc-beev-43ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19264?format=api", "vulnerability_id": "VCID-pkdx-ktz1-mbbg", "summary": "Missing Release of Memory after Effective Lifetime\nA memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05721", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05715", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05754", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05679", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05745", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.057", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05758", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06624", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06648", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06647", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06185", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06335", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06381", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06393", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06411", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06533", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06601", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06612", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3576" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3576", "reference_id": "CVE-2023-3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-3576" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3576", "reference_id": "CVE-2023-3576", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6575", "reference_id": "RHSA-2023:6575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6575" }, { "reference_url": "https://usn.ubuntu.com/6512-1/", "reference_id": "USN-6512-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6512-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-3576" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkdx-ktz1-mbbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16447?format=api", "vulnerability_id": "VCID-pnpt-r4ke-fufh", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07234", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07568", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07365", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07329", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07302", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07466", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07534", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07517", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07533", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07569", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07256", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/501", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/501" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170187", "reference_id": "2170187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170187" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0803", "reference_id": "CVE-2023-0803", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0803" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json", "reference_id": "CVE-2023-0803.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0002/", "reference_id": "ntap-20230316-0002", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5353", "reference_id": "RHSA-2023:5353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5353" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0803" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnpt-r4ke-fufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12866?format=api", "vulnerability_id": "VCID-qsrb-hf2u-tudp", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09813", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09639", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09512", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09742", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09718", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09751", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09818", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09497", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09618", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09626", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09596", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0958", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09473", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09625", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09672", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17853", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17906", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17693", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "reference_id": "2054495", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054495" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562", "reference_id": "CVE-2022-0562", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json", "reference_id": "CVE-2022-0562.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0562" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79347?format=api", "vulnerability_id": "VCID-rmap-8g2y-abdc", "summary": "libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11913", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11882", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11959", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11747", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11893", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11854", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11827", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12556", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1232", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12461", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1252", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12517", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12548", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12542", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12609", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12615", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12434", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555", "reference_id": "1022555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142738", "reference_id": "2142738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142738" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/435", "reference_id": "435", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/435" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff", "reference_id": "cfbb883bf6ea7bedcb04177cc4e52d304522fdff", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3598", "reference_id": "CVE-2022-3598", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3598" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json", "reference_id": "CVE-2022-3598.json", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230110-0001/", "reference_id": "ntap-20230110-0001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230110-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://usn.ubuntu.com/5705-1/", "reference_id": "USN-5705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5705-1/" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-3598" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmap-8g2y-abdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79861?format=api", "vulnerability_id": "VCID-ruhz-ty5e-nkgr", "summary": "libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07128", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07105", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07125", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06652", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06729", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06762", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06763", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06755", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06749", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06669", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06826", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06831", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06851", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06827", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06868", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07021", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07111", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07093", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", "reference_id": "2118869", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118869" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2869", "reference_id": "CVE-2022-2869", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://usn.ubuntu.com/5604-1/", "reference_id": "USN-5604-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5604-1/" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2869" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruhz-ty5e-nkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79309?format=api", "vulnerability_id": "VCID-s95z-s4sd-cffs", "summary": "libtiff: division by zero issues in tiffcrop", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25714", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25664", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25592", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25609", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25687", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25904", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25805", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25808", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25763", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25699", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25652", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25539", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25604", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27786", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27824", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/415" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494", "reference_id": "1014494", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", "reference_id": "2103222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103222" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2056", "reference_id": "CVE-2022-2056", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2056" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json", "reference_id": "CVE-2022-2056.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0302", "reference_id": "RHSA-2023:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0302" }, { "reference_url": "https://usn.ubuntu.com/5619-1/", "reference_id": "USN-5619-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5619-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2056" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s95z-s4sd-cffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79171?format=api", "vulnerability_id": "VCID-tddn-m5ke-euas", "summary": "libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37959", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37946", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42495", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42484", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42493", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42479", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42499", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42474", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42403", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42339", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42336", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42108", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42183", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42199", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42114", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42143", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/433" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112756", "reference_id": "2112756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112756" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34526", "reference_id": "CVE-2022-34526", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34526" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-34526" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tddn-m5ke-euas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79107?format=api", "vulnerability_id": "VCID-tfyj-y9q3-t3ar", "summary": "libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.046", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04584", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04585", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04592", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04318", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04351", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04346", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04297", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04305", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04434", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0445", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0447", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0451", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04512", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04542", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07683", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/414" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670", "reference_id": "1024670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", "reference_id": "2134432", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134432" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2953", "reference_id": "CVE-2022-2953", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2953" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json", "reference_id": "CVE-2022-2953.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0302", "reference_id": "RHSA-2023:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0302" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2953" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyj-y9q3-t3ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16442?format=api", "vulnerability_id": "VCID-tg7w-mbkg-7uhj", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02005", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02006", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0203", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01999", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01995", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02039", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02067", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02016", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02007", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02031", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02032", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02015", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/492", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/492" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170157", "reference_id": "2170157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170157" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0798", "reference_id": "CVE-2023-0798", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0798" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json", "reference_id": "CVE-2023-0798.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0003/", "reference_id": "ntap-20230316-0003", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0798" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7w-mbkg-7uhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79632?format=api", "vulnerability_id": "VCID-tgf9-ax81-fub4", "summary": "libtiff: heap Buffer overflows in tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00634", "published_at": "2026-05-15T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00636", "published_at": "2026-05-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00632", "published_at": "2026-05-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0062", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00612", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00614", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00613", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00605", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00603", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00597", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00645", "published_at": "2026-05-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00643", "published_at": "2026-04-24T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00646", "published_at": "2026-04-26T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00647", "published_at": "2026-04-29T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00652", "published_at": "2026-05-05T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00649", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/381" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/386" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555", "reference_id": "1022555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142734", "reference_id": "2142734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142734" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3570", "reference_id": "CVE-2022-3570", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3570" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json", "reference_id": "CVE-2022-3570.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://usn.ubuntu.com/5705-1/", "reference_id": "USN-5705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5705-1/" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-3570" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgf9-ax81-fub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64120?format=api", "vulnerability_id": "VCID-ttb7-w41r-4kfn", "summary": "libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09462", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10702", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11774", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1186", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12125", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11988", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12361", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1378", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13785", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16446", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16437", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24077", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23945", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23926", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23859", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24038", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26266", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632", "reference_id": "1132632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "reference_id": "2450768", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4775", "reference_id": "CVE-2026-4775", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12265", "reference_id": "RHSA-2026:12265", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:12265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12271", "reference_id": "RHSA-2026:12271", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:12271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14929", "reference_id": "RHSA-2026:14929", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:14929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16055", "reference_id": "RHSA-2026:16055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16055" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2026-4775" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb7-w41r-4kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20633?format=api", "vulnerability_id": "VCID-ua38-ur2u-eues", "summary": "Out-of-bounds Write\nA segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00616", "scoring_system": "epss", "scoring_elements": "0.69868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72572", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72519", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72482", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72509", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72564", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72824", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72917", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72915", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72909", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72935", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72831", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72823", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72864", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72848", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74896", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74932", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52356" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/622", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/622" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524", "reference_id": "1061524", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-52356", "reference_id": "CVE-2023-52356", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-52356" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356", "reference_id": "CVE-2023-52356", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5079", "reference_id": "RHSA-2024:5079", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:5079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20801", "reference_id": "RHSA-2025:20801", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:20801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21994", "reference_id": "RHSA-2025:21994", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5958", "reference_id": "RHSA-2026:5958", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7081", "reference_id": "RHSA-2026:7081", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7081" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7304", "reference_id": "RHSA-2026:7304", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7335", "reference_id": "RHSA-2026:7335", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://usn.ubuntu.com/6644-1/", "reference_id": "USN-6644-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6644-1/" }, { "reference_url": "https://usn.ubuntu.com/6644-2/", "reference_id": "USN-6644-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6644-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2023-52356" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ua38-ur2u-eues" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40060?format=api", "vulnerability_id": "VCID-ucr1-vp5p-jqck", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15516", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15406", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16937", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16938", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16989", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17079", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17135", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22203", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22111", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22079", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22102", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22185", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22054", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.21956", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2203", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22674", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22517", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22509", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/400" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160", "reference_id": "1011160", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", "reference_id": "2074415", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415" }, { "reference_url": "https://security.archlinux.org/AVG-2721", "reference_id": "AVG-2721", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2721" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-1355", "reference_id": "CVE-2022-1355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2022-1355" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1355", "reference_id": "CVE-2022-1355", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1355" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5619-1/", "reference_id": "USN-5619-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5619-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-1355" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucr1-vp5p-jqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18361?format=api", "vulnerability_id": "VCID-v4rx-c1w4-pbb3", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nA flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43957", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44003", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44026", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44008", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4401", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44025", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44039", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4403", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43964", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4392", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43835", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43714", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4379", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50202", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50258", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50272", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50155", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50182", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3618" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945", "reference_id": "1040945", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3618", "reference_id": "CVE-2023-3618", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3618" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3618", "reference_id": "CVE-2023-3618", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3618" }, { "reference_url": "https://support.apple.com/kb/HT214036", "reference_id": "HT214036", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/" } ], "url": "https://support.apple.com/kb/HT214036" }, { "reference_url": "https://support.apple.com/kb/HT214037", "reference_id": "HT214037", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/" } ], "url": "https://support.apple.com/kb/HT214037" }, { "reference_url": "https://support.apple.com/kb/HT214038", "reference_id": "HT214038", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/" } ], "url": "https://support.apple.com/kb/HT214038" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230824-0012/", "reference_id": "ntap-20230824-0012", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230824-0012/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2289", "reference_id": "RHSA-2024:2289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "reference_url": "https://usn.ubuntu.com/6290-1/", "reference_id": "USN-6290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2023-3618" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4rx-c1w4-pbb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16657?format=api", "vulnerability_id": "VCID-vu6r-464p-4ue3", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01883", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01891", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01876", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01861", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01856", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01839", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01837", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01921", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01912", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01946", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01893", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01881", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01903", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01905", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01885", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01874", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01877", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/277", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176220", "reference_id": "2176220", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176220" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/", "reference_id": "2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/", "reference_id": "BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4645", "reference_id": "CVE-2022-4645", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4645" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json", "reference_id": "CVE-2022-4645.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230331-0001/", "reference_id": "ntap-20230331-0001", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230331-0001/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/", "reference_id": "OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3059", "reference_id": "RHSA-2024:3059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3059" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-4645" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vu6r-464p-4ue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79886?format=api", "vulnerability_id": "VCID-vzr7-wz88-h7gx", "summary": "libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03581", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03514", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03518", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03525", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03564", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03419", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03402", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03374", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03351", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03328", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0334", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03458", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03444", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03449", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03495", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03459", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03477", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07322", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", "reference_id": "2118863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118863" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2868", "reference_id": "CVE-2022-2868", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0095", "reference_id": "RHSA-2023:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0095" }, { "reference_url": "https://usn.ubuntu.com/5604-1/", "reference_id": "USN-5604-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5604-1/" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-2868" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzr7-wz88-h7gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16427?format=api", "vulnerability_id": "VCID-wza2-4rcj-hkcd", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02005", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02006", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0203", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01999", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01995", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02039", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02067", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02016", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02007", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02031", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02032", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02015", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02013", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/495", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/495" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170151", "reference_id": "2170151", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0797", "reference_id": "CVE-2023-0797", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0797" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json", "reference_id": "CVE-2023-0797.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0797" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wza2-4rcj-hkcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16425?format=api", "vulnerability_id": "VCID-x9xf-wuyn-6ffg", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07234", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07568", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07365", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07329", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07302", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07466", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07534", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07517", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07533", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07569", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07256", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/500", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/500" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632", "reference_id": "1031632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170178", "reference_id": "2170178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170178" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0802", "reference_id": "CVE-2023-0802", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0802" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json", "reference_id": "CVE-2023-0802.JSON", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5361", "reference_id": "dsa-5361", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "reference_url": "https://security.gentoo.org/glsa/202305-31", "reference_id": "GLSA-202305-31", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/" } ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0002/", "reference_id": "ntap-20230316-0002", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3711", "reference_id": "RHSA-2023:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5353", "reference_id": "RHSA-2023:5353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5353" }, { "reference_url": "https://usn.ubuntu.com/5923-1/", "reference_id": "USN-5923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5923-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-0802" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9xf-wuyn-6ffg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18053?format=api", "vulnerability_id": "VCID-xmwn-vxux-h7g3", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09504", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09491", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09417", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1404", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14299", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14245", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16268", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16351", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16266", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16235", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16342", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1629", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16214", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16211", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16169", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16043", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16158", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/518", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T19:11:03Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216614", "reference_id": "2216614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25435", "reference_id": "CVE-2023-25435", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25435" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2023-25435" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwn-vxux-h7g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18135?format=api", "vulnerability_id": "VCID-z1vf-mhw2-ducs", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06633", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06643", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07226", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07302", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07289", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07209", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07247", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07204", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07872", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07796", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0782", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07868", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07641", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0761", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07592", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07731", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07803", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/520", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/520" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/467", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218744", "reference_id": "2218744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218744" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25433", "reference_id": "CVE-2023-25433", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25433" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5079", "reference_id": "RHSA-2024:5079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5079" }, { "reference_url": "https://usn.ubuntu.com/6229-1/", "reference_id": "USN-6229-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6229-1/" }, { "reference_url": "https://usn.ubuntu.com/6290-1/", "reference_id": "USN-6290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" } ], "aliases": [ "CVE-2023-25433" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1vf-mhw2-ducs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13224?format=api", "vulnerability_id": "VCID-zedn-437q-47b2", "summary": "Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10258", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10534", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10432", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10475", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10531", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10378", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1033", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10466", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10463", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10441", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1031", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10282", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10413", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10359", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1035", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10292", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10239", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10385", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10455", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/385" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "reference_id": "2064406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064406" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865", "reference_id": "CVE-2022-0865", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json", "reference_id": "CVE-2022-0865.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0865" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zedn-437q-47b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79574?format=api", "vulnerability_id": "VCID-zwbu-yezc-4yck", "summary": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07556", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07614", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07633", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07992", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08221", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08276", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08278", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08007", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0815", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0821", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08143", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08011", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08043", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08071", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08107", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08193", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0836", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08413", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555", "reference_id": "1022555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142736", "reference_id": "2142736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142736" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", "reference_id": "236b7191f04c60d09ee836ae13b50f812c841047", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/413", "reference_id": "413", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/413" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3597", "reference_id": "CVE-2022-3597", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3597" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json", "reference_id": "CVE-2022-3597.json", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230110-0001/", "reference_id": "ntap-20230110-0001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230110-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2340", "reference_id": "RHSA-2023:2340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2340" }, { "reference_url": "https://usn.ubuntu.com/5714-1/", "reference_id": "USN-5714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-3597" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwbu-yezc-4yck" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63848?format=api", "vulnerability_id": "VCID-1asc-7axg-6ben", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15209.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70176", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70266", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70238", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.7028", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70289", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.7027", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70331", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70329", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70302", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70344", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70376", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70343", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.7037", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.7042", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70431", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614051", "reference_id": "1614051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614051" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905798", "reference_id": "905798", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5079", "reference_id": "RHSA-2024:5079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5079" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-15209" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1asc-7axg-6ben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63804?format=api", "vulnerability_id": "VCID-1csm-m3wq-tbck", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11335.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11335.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80186", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80434", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80389", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.8043", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80214", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80231", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80259", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80269", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80271", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80274", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80306", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80323", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80338", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80378", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01374", "scoring_system": "epss", "scoring_elements": "0.80372", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474356", "reference_id": "1474356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868513", "reference_id": "868513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868513" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-11335" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1csm-m3wq-tbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63808?format=api", "vulnerability_id": "VCID-1rsr-q1uf-ekav", "summary": "security update", "references": [ { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50477", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50438", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50447", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50399", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50322", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50375", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50407", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5036", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50388", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5047", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50463", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50505", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50482", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50467", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5051", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50492", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60153", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60075", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60178", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4100" }, { "reference_url": "http://www.securityfocus.com/bid/102345", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102345" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530440", "reference_id": "1530440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530440" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885985", "reference_id": "885985", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885985" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://security.archlinux.org/AVG-813", "reference_id": "AVG-813", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-813" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18013", "reference_id": "CVE-2017-18013", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18013" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" }, { "reference_url": "https://usn.ubuntu.com/3606-1/", "reference_id": "USN-3606-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3606-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-18013" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rsr-q1uf-ekav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13265?format=api", "vulnerability_id": "VCID-25fx-7kmb-fqhm", "summary": "Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18072", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18222", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18128", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18084", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17999", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17922", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17775", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17867", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18082", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18837", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1893", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18933", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18829", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18797", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24564", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24601", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/278" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "reference_id": "2064148", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064148" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924", "reference_id": "CVE-2022-0924", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json", "reference_id": "CVE-2022-0924.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0924" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82580?format=api", "vulnerability_id": "VCID-39ee-trms-qkes", "summary": "libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19144.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81099", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81108", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81165", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81171", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81201", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81202", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.812", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81222", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.8123", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81236", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81252", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.8127", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81292", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81288", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81306", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81347", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01504", "scoring_system": "epss", "scoring_elements": "0.81351", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19144" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003799", "reference_id": "2003799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003799" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5619-1/", "reference_id": "USN-5619-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5619-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2020-19144" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39ee-trms-qkes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63626?format=api", "vulnerability_id": "VCID-45zg-bst2-byff", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10688.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88195", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88144", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88157", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88186", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.06109", "scoring_system": "epss", "scoring_elements": "0.90815", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06109", "scoring_system": "epss", "scoring_elements": "0.90833", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06109", "scoring_system": "epss", "scoring_elements": "0.90851", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06109", "scoring_system": "epss", "scoring_elements": "0.90861", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.06109", "scoring_system": "epss", "scoring_elements": "0.9082", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91355", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91381", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91379", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91305", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91309", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91327", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91339", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.91353", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06845", "scoring_system": "epss", "scoring_elements": "0.9132", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470241", "reference_id": "1470241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470241" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866611", "reference_id": "866611", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866611" }, { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2712", "reference_id": "CVE-2017-10688", "reference_type": "exploit", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2712" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42299.txt", "reference_id": "CVE-2017-10688", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42299.txt" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-10688" ], "risk_score": 6.0, "exploitability": "2.0", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-45zg-bst2-byff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13252?format=api", "vulnerability_id": "VCID-4mq7-s2p6-yufr", "summary": "Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42924", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42816", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42701", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4273", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43015", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42952", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43002", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43036", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42985", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43045", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43033", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42901", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4282", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42681", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42757", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42773", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/392" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064143", "reference_id": "2064143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064143" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907", "reference_id": "CVE-2022-0907", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json", "reference_id": "CVE-2022-0907.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0907" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39037?format=api", "vulnerability_id": "VCID-4n8m-6c1e-f7ba", "summary": "A vulnerability in libTIFF could lead to a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18557.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18557.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23568", "scoring_system": "epss", "scoring_elements": "0.96042", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.23568", "scoring_system": "epss", "scoring_elements": "0.9602", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.23568", "scoring_system": "epss", "scoring_elements": "0.96023", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.23568", "scoring_system": "epss", "scoring_elements": "0.96028", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.23568", "scoring_system": "epss", "scoring_elements": "0.9604", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96141", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96134", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96148", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.9611", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96115", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96124", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96128", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.9613", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96132", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.24463", "scoring_system": "epss", "scoring_elements": "0.96133", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.30054", "scoring_system": "epss", "scoring_elements": "0.96644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.30054", "scoring_system": "epss", "scoring_elements": "0.96652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.32235", "scoring_system": "epss", "scoring_elements": "0.96814", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.32235", "scoring_system": "epss", "scoring_elements": "0.96807", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.32235", "scoring_system": "epss", "scoring_elements": "0.96816", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644229", "reference_id": "1644229", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644229" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911635", "reference_id": "911635", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911635" }, { "reference_url": "https://security.archlinux.org/ASA-201811-17", "reference_id": "ASA-201811-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-17" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-790", "reference_id": "AVG-790", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-790" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1697", "reference_id": "CVE-2018-18557", "reference_type": "exploit", "scores": [], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1697" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/45694.c", "reference_id": "CVE-2018-18557", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/45694.c" }, { "reference_url": "https://security.gentoo.org/glsa/201904-15", "reference_id": "GLSA-201904-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://usn.ubuntu.com/3864-1/", "reference_id": "USN-3864-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3864-1/" }, { "reference_url": "https://usn.ubuntu.com/3906-2/", "reference_id": "USN-3906-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-18557" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4n8m-6c1e-f7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12870?format=api", "vulnerability_id": "VCID-5mak-1mkk-wkdg", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1843", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18145", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18234", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18334", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.183", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18329", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18423", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18505", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18404", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1844", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18326", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18283", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27915", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "reference_id": "2054494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054494" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561", "reference_id": "CVE-2022-0561", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json", "reference_id": "CVE-2022-0561.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0561" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59342?format=api", "vulnerability_id": "VCID-6sb9-u71x-j7f5", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45417", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45357", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45301", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45324", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.454", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4547", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45527", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45546", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45516", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45521", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45569", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45566", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45431", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4544", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45379", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45274", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45339", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50287", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50218", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040", "reference_id": "1932040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35523", "reference_id": "CVE-2020-35523", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35523" }, { "reference_url": "https://security.gentoo.org/glsa/202104-06", "reference_id": "GLSA-202104-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4241", "reference_id": "RHSA-2021:4241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4241" }, { "reference_url": "https://usn.ubuntu.com/4755-1/", "reference_id": "USN-4755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4755-1/" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-35523" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6sb9-u71x-j7f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50130?format=api", "vulnerability_id": "VCID-7jpu-rtje-mke4", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89569", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89585", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89602", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89615", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89608", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89621", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04911", "scoring_system": "epss", "scoring_elements": "0.89623", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.91053", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.90977", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.90989", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.90987", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.90984", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.91", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.91016", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.9103", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.91028", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.91037", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.06297", "scoring_system": "epss", "scoring_elements": "0.91047", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649385", "reference_id": "1649385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649385" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913675", "reference_id": "913675", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913675" }, { "reference_url": "https://security.gentoo.org/glsa/202003-25", "reference_id": "GLSA-202003-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-25" }, { "reference_url": "https://usn.ubuntu.com/3906-1/", "reference_id": "USN-3906-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-19210" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jpu-rtje-mke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73724?format=api", "vulnerability_id": "VCID-aa6m-3c5d-hfat", "summary": "security update", "references": [ { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12900.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.92973", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93091", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93056", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93063", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93086", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.92982", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.92986", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.92985", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.92993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.92998", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93003", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93001", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93011", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93027", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93022", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93026", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93042", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.09894", "scoring_system": "epss", "scoring_elements": "0.93053", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595575", "reference_id": "1595575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595575" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902718", "reference_id": "902718", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902718" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12900", "reference_id": "CVE-2018-12900", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3419", "reference_id": "RHSA-2019:3419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3419" }, { "reference_url": "https://usn.ubuntu.com/3906-1/", "reference_id": "USN-3906-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-1/" }, { "reference_url": "https://usn.ubuntu.com/3906-2/", "reference_id": "USN-3906-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-12900" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aa6m-3c5d-hfat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80048?format=api", "vulnerability_id": "VCID-at8c-pabb-z3d5", "summary": "libtiff: a buffer overflow via the \"invertImage()\" may lead to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68151", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68087", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68054", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.6808", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67898", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67949", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67963", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67987", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67974", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67976", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.6799", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67972", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68024", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68004", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68046", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00798", "scoring_system": "epss", "scoring_elements": "0.73969", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00798", "scoring_system": "epss", "scoring_elements": "0.73995", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00798", "scoring_system": "epss", "scoring_elements": "0.73962", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19131" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004031", "reference_id": "2004031", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1810", "reference_id": "RHSA-2022:1810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1810" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5619-1/", "reference_id": "USN-5619-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5619-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2020-19131" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-at8c-pabb-z3d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82581?format=api", "vulnerability_id": "VCID-cbhv-yme7-buby", "summary": "libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76586", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76615", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76639", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76666", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76645", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76636", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76677", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.7667", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76701", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76707", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.7672", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76738", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76756", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.7676", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76807", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76822", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-19143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003801", "reference_id": "2003801", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003801" }, { "reference_url": "https://usn.ubuntu.com/5084-1/", "reference_id": "USN-5084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-19143" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbhv-yme7-buby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59344?format=api", "vulnerability_id": "VCID-cm5h-b1g9-tkg9", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61505", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61537", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61546", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61567", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61571", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61542", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61558", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61553", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61502", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61552", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.6161", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61572", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.616", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61652", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61667", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044", "reference_id": "1932044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35524", "reference_id": "CVE-2020-35524", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35524" }, { "reference_url": "https://security.gentoo.org/glsa/202104-06", "reference_id": "GLSA-202104-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4241", "reference_id": "RHSA-2021:4241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4241" }, { "reference_url": "https://usn.ubuntu.com/4755-1/", "reference_id": "USN-4755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4755-1/" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2020-35524" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm5h-b1g9-tkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63803?format=api", "vulnerability_id": "VCID-d3ym-a4bv-ybaz", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9935.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65529", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65403", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65382", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65427", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65471", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65441", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65462", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65518", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65356", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65367", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65386", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65373", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65345", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65381", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65392", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65376", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65394", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65406", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68014", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.67992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68033", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9935" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469725", "reference_id": "1469725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469725" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866109", "reference_id": "866109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866109" }, { "reference_url": "https://security.archlinux.org/ASA-201811-17", "reference_id": "ASA-201811-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-17" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-790", "reference_id": "AVG-790", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-790" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://usn.ubuntu.com/3606-1/", "reference_id": "USN-3606-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3606-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-9935" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3ym-a4bv-ybaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50132?format=api", "vulnerability_id": "VCID-dh5n-3ubj-1uhu", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2836", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2836" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html" }, { "reference_url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6128.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84769", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.85012", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84959", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84955", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.8497", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.85002", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84784", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84803", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84805", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84827", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84833", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84852", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84849", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84843", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84865", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84863", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.8489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.849", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84899", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.84916", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.8494", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Nov/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667122", "reference_id": "1667122", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667122" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921157", "reference_id": "921157", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921157" }, { "reference_url": "https://security.archlinux.org/ASA-201911-13", "reference_id": "ASA-201911-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201911-13" }, { "reference_url": "https://security.archlinux.org/AVG-886", "reference_id": "AVG-886", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-886" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6128", "reference_id": "CVE-2019-6128", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6128" }, { "reference_url": "https://security.gentoo.org/glsa/202003-25", "reference_id": "GLSA-202003-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-25" }, { "reference_url": "https://usn.ubuntu.com/3906-1/", "reference_id": "USN-3906-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-1/" }, { "reference_url": "https://usn.ubuntu.com/3906-2/", "reference_id": "USN-3906-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2019-6128" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dh5n-3ubj-1uhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83101?format=api", "vulnerability_id": "VCID-f1g1-tv8m-pudk", "summary": "libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81468", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81317", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81339", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81347", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81352", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81368", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81388", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.8141", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81407", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81425", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81464", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81318", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81674", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81708", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81705", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81732", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81756", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81743", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01606", "scoring_system": "epss", "scoring_elements": "0.81737", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17795" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635091", "reference_id": "1635091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635091" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-17795" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1g1-tv8m-pudk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73725?format=api", "vulnerability_id": "VCID-f2ar-xeec-1bfs", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17000.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17000.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78929", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78963", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78971", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78977", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79001", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.78975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79003", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79031", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79037", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79052", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79068", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79088", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79105", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79103", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79118", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79154", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01208", "scoring_system": "epss", "scoring_elements": "0.79162", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630004", "reference_id": "1630004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908778", "reference_id": "908778", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908778" }, { "reference_url": "https://usn.ubuntu.com/3906-1/", "reference_id": "USN-3906-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-17000" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2ar-xeec-1bfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63625?format=api", "vulnerability_id": "VCID-g55a-2qfb-kkev", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9936.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9936.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9936", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.90049", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.89967", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.89984", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.89982", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.89996", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.90011", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.90018", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.90026", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.05227", "scoring_system": "epss", "scoring_elements": "0.90041", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.05865", "scoring_system": "epss", "scoring_elements": "0.9058", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05865", "scoring_system": "epss", "scoring_elements": "0.90563", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.90737", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.90685", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.90727", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.90736", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.90691", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.90701", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.9071", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06042", "scoring_system": "epss", "scoring_elements": "0.90721", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9936" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469728", "reference_id": "1469728", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469728" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866113", "reference_id": "866113", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866113" }, { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2706", "reference_id": "CVE-2017-9936", "reference_type": "exploit", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2706" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42300.txt", "reference_id": "CVE-2017-9936", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42300.txt" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-9936" ], "risk_score": 6.0, "exploitability": "2.0", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g55a-2qfb-kkev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13267?format=api", "vulnerability_id": "VCID-gmhp-4yx2-gfbv", "summary": "Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42396", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42226", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42116", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42145", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42215", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42497", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42486", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42495", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42518", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42451", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42476", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42341", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42337", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42254", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4211", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42185", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42201", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/393" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "reference_id": "2064146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064146" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909", "reference_id": "CVE-2022-0909", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json", "reference_id": "CVE-2022-0909.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0909" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73726?format=api", "vulnerability_id": "VCID-h4fa-k99r-zqdh", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17100.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17100.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53579", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53512", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53477", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53452", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53409", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53457", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5351", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53472", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53498", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53569", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5349", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53526", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53531", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54749", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54742", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54792", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54789", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.5611", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631069", "reference_id": "1631069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631069" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909038", "reference_id": "909038", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://usn.ubuntu.com/3864-1/", "reference_id": "USN-3864-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3864-1/" }, { "reference_url": "https://usn.ubuntu.com/3906-2/", "reference_id": "USN-3906-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-17100" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4fa-k99r-zqdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13221?format=api", "vulnerability_id": "VCID-h6gn-kv5x-bbd5", "summary": "Out-of-bounds Write\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08287", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08204", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08231", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08285", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08105", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08179", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08041", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08026", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08185", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08139", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08082", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08054", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08023", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08155", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08221", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/380" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "reference_id": "2064411", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064411" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891", "reference_id": "CVE-2022-0891", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json", "reference_id": "CVE-2022-0891.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0891" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63806?format=api", "vulnerability_id": "VCID-hbvy-33n2-vqdz", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13726.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13726.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.7047", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70731", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70668", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70638", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70665", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70719", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70483", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70501", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70524", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.7054", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70563", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70548", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70534", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70578", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70587", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70565", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70615", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70624", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70623", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70596", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.70636", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488886", "reference_id": "1488886", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873880", "reference_id": "873880", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873880" }, { "reference_url": "https://security.archlinux.org/AVG-814", "reference_id": "AVG-814", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-814" }, { "reference_url": "https://security.archlinux.org/AVG-815", "reference_id": "AVG-815", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-815" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-13726" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbvy-33n2-vqdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50133?format=api", "vulnerability_id": "VCID-j7hm-kkvp-uqex", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2833", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2833" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72136", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72042", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72069", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72126", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71903", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71911", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.7193", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71906", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71945", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71957", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71981", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71963", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71946", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71986", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71991", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.71976", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.7202", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72028", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72022", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72015", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72048", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72078", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677528", "reference_id": "1677528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677528" }, { "reference_url": "https://security.archlinux.org/ASA-201911-13", "reference_id": "ASA-201911-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201911-13" }, { "reference_url": "https://security.archlinux.org/AVG-886", "reference_id": "AVG-886", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-886" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7663", "reference_id": "CVE-2019-7663", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7663" }, { "reference_url": "https://security.gentoo.org/glsa/202003-25", "reference_id": "GLSA-202003-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-25" }, { "reference_url": "https://usn.ubuntu.com/3906-1/", "reference_id": "USN-3906-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-1/" }, { "reference_url": "https://usn.ubuntu.com/3906-2/", "reference_id": "USN-3906-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2019-7663" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7hm-kkvp-uqex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82715?format=api", "vulnerability_id": "VCID-jfme-eq8v-afht", "summary": "libtiff: heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09017", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08992", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09104", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09105", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09058", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08953", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09086", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09129", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09077", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09046", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08962", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09125", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09194", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09159", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09183", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09256", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09014", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18768" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235458", "reference_id": "2235458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235458" }, { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2848", "reference_id": "show_bug.cgi?id=2848", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:35:49Z/" } ], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2020-18768" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfme-eq8v-afht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13250?format=api", "vulnerability_id": "VCID-kpq7-5vsv-pucy", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10543", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10558", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10696", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10703", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10653", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10651", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10569", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10527", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10663", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10609", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10737", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10752", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11372", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11269", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11311", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11302", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11364", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/383" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "reference_id": "2064145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064145" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908", "reference_id": "CVE-2022-0908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json", "reference_id": "CVE-2022-0908.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0908" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12109?format=api", "vulnerability_id": "VCID-mhwh-tsst-cfaj", "summary": "Out-of-bounds Read\nLibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18342", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18217", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18245", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18335", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18569", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18623", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18466", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18367", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18312", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18352", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18253", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18198", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1806", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1815", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18251", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/355" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "reference_id": "2042603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042603" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844", "reference_id": "CVE-2022-22844", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-22844" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50131?format=api", "vulnerability_id": "VCID-nnvs-e9na-p7fu", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17546.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17546.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.58929", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59165", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59056", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59084", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59155", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59004", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59026", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.58992", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59044", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.5905", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59069", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59051", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59032", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59071", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.5903", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59048", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59035", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.58995", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59045", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59102", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17546" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/" }, { "reference_url": "https://seclists.org/bugtraq/2020/Jan/32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2020/Jan/32" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241220-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20241220-0007/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4608" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765705", "reference_id": "1765705", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765705" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17546", "reference_id": "CVE-2019-17546", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17546" }, { "reference_url": "https://security.gentoo.org/glsa/202003-25", "reference_id": "GLSA-202003-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3902", "reference_id": "RHSA-2020:3902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4634", "reference_id": "RHSA-2020:4634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4634" }, { "reference_url": "https://usn.ubuntu.com/4158-1/", "reference_id": "USN-4158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4158-1/" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2019-17546" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnvs-e9na-p7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83035?format=api", "vulnerability_id": "VCID-p3k1-dpdf-e3f3", "summary": "libtiff: tiff2bw tool failed memory allocation leads to crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18661.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37099", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3754", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37476", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37255", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37234", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37142", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37024", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37091", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3711", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3703", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37005", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3708", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37512", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37558", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40078", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40238", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40211", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40251", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40174", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40226", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644448", "reference_id": "1644448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644448" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912012", "reference_id": "912012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912012" }, { "reference_url": "https://security.archlinux.org/ASA-201811-17", "reference_id": "ASA-201811-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-17" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-790", "reference_id": "AVG-790", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-790" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://usn.ubuntu.com/3864-1/", "reference_id": "USN-3864-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3864-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-18661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3k1-dpdf-e3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63849?format=api", "vulnerability_id": "VCID-prsj-fsuv-4ucy", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16335.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16335.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.82871", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.82878", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.82893", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.82888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.8282", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.82836", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.82845", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01825", "scoring_system": "epss", "scoring_elements": "0.82849", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.8345", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83469", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83471", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83488", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83523", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83534", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83335", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.8337", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83372", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83373", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83396", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83403", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83405", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01918", "scoring_system": "epss", "scoring_elements": "0.83429", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624981", "reference_id": "1624981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624981" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907795", "reference_id": "907795", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907795" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-16335" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-prsj-fsuv-4ucy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73727?format=api", "vulnerability_id": "VCID-pxhu-5vet-77f1", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14973.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76507", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76512", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76541", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76523", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76555", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76592", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76571", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76564", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76606", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.7661", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76598", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.7663", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76636", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76649", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76667", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76684", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76671", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.7669", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76738", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00965", "scoring_system": "epss", "scoring_elements": "0.76752", "published_at": "2026-05-15T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745951", "reference_id": "1745951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745951" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934780", "reference_id": "934780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1688", "reference_id": "RHSA-2020:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3902", "reference_id": "RHSA-2020:3902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3902" }, { "reference_url": "https://usn.ubuntu.com/4158-1/", "reference_id": "USN-4158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4158-1/" }, { "reference_url": "https://usn.ubuntu.com/5841-1/", "reference_id": "USN-5841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5841-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2019-14973" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxhu-5vet-77f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63842?format=api", "vulnerability_id": "VCID-qez8-xv6h-e3hx", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67829", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68103", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68008", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68033", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.6809", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67853", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67872", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67903", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67917", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.6794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67927", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67891", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67929", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67941", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67922", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67967", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67976", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67981", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67956", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67998", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.6804", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475530", "reference_id": "1475530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475530" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869823", "reference_id": "869823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869823" }, { "reference_url": "https://security.archlinux.org/ASA-201811-17", "reference_id": "ASA-201811-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-17" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-790", "reference_id": "AVG-790", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-790" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://usn.ubuntu.com/3606-1/", "reference_id": "USN-3606-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3606-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-11613" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qez8-xv6h-e3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12866?format=api", "vulnerability_id": "VCID-qsrb-hf2u-tudp", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09813", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09639", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09512", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09742", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09718", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09751", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09818", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09497", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09618", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09626", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09596", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0958", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09473", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09625", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09672", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17853", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17906", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17693", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "reference_id": "2054495", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054495" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562", "reference_id": "CVE-2022-0562", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json", "reference_id": "CVE-2022-0562.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0562" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63843?format=api", "vulnerability_id": "VCID-r4k1-psbb-53gd", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58883", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58801", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58805", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58783", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58751", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58765", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58717", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58762", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5882", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58776", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58803", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58873", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5973", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59862", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59883", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59803", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59827", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59798", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59848", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537740", "reference_id": "1537740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537740" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890441", "reference_id": "890441", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890441" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://security.archlinux.org/AVG-813", "reference_id": "AVG-813", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-813" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" }, { "reference_url": "https://usn.ubuntu.com/3606-1/", "reference_id": "USN-3606-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3606-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-5784" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4k1-psbb-53gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63847?format=api", "vulnerability_id": "VCID-r8kc-zrjf-5ycv", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17101.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17101.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67758", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67745", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67537", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67557", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67601", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67623", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67611", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67602", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67621", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67632", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67635", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67654", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67691", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67662", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00568", "scoring_system": "epss", "scoring_elements": "0.68455", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631078", "reference_id": "1631078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631078" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909037", "reference_id": "909037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://usn.ubuntu.com/3864-1/", "reference_id": "USN-3864-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3864-1/" }, { "reference_url": "https://usn.ubuntu.com/3906-2/", "reference_id": "USN-3906-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3906-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-17101" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8kc-zrjf-5ycv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63846?format=api", "vulnerability_id": "VCID-rn1a-sww4-bffd", "summary": "security update", "references": [ { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2795", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2795" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10963.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32814", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32782", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32669", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32737", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32776", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32685", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3271", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32788", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3303", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33074", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33104", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33068", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33044", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33085", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33062", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33024", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32876", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32858", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59586", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59659", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4349" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579058", "reference_id": "1579058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579058" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898348", "reference_id": "898348", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898348" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://security.archlinux.org/AVG-813", "reference_id": "AVG-813", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-813" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10963", "reference_id": "CVE-2018-10963", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://usn.ubuntu.com/3864-1/", "reference_id": "USN-3864-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3864-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-10963" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rn1a-sww4-bffd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63845?format=api", "vulnerability_id": "VCID-sefx-74dq-pqe1", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70821", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70684", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70724", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70758", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70728", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70756", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.7081", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70557", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70602", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70618", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.7064", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70626", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70612", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70657", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70666", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70645", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70697", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70707", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70706", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73208", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559704", "reference_id": "1559704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559704" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893806", "reference_id": "893806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893806" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://security.archlinux.org/AVG-813", "reference_id": "AVG-813", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://usn.ubuntu.com/3864-1/", "reference_id": "USN-3864-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3864-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-8905" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sefx-74dq-pqe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63844?format=api", "vulnerability_id": "VCID-wk1z-n789-n7cg", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7456.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7456.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71206", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71072", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71111", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71148", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71114", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71141", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71196", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.70946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.70988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71026", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.70994", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.7104", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71047", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71082", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71091", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.7109", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00994", "scoring_system": "epss", "scoring_elements": "0.7687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00994", "scoring_system": "epss", "scoring_elements": "0.76901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00994", "scoring_system": "epss", "scoring_elements": "0.76863", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556708", "reference_id": "1556708", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556708" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891288", "reference_id": "891288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891288" }, { "reference_url": "https://security.archlinux.org/ASA-201811-18", "reference_id": "ASA-201811-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-18" }, { "reference_url": "https://security.archlinux.org/AVG-791", "reference_id": "AVG-791", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-791" }, { "reference_url": "https://security.archlinux.org/AVG-813", "reference_id": "AVG-813", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2051", "reference_id": "RHSA-2019:2051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2053", "reference_id": "RHSA-2019:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2053" }, { "reference_url": "https://usn.ubuntu.com/3864-1/", "reference_id": "USN-3864-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3864-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2018-7456" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wk1z-n789-n7cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63807?format=api", "vulnerability_id": "VCID-wuzx-t7h4-uqa8", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13727.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70352", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70609", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70546", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70597", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70364", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70381", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.7036", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70406", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70421", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70445", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.7043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70416", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70458", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70466", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70446", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70497", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70506", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.7048", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70519", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.7055", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488887", "reference_id": "1488887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488887" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873879", "reference_id": "873879", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873879" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-13727" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wuzx-t7h4-uqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50129?format=api", "vulnerability_id": "VCID-x7w1-k9zt-qkab", "summary": "Multiple vulnerabilities have been found in LibTIFF, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17095.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17095.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88354", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88529", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88482", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.8848", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88494", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.8852", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88362", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88376", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88381", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.884", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88406", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88417", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88409", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88424", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.8842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88419", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88436", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.8844", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88452", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03989", "scoring_system": "epss", "scoring_elements": "0.88469", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4349" }, { "reference_url": "https://www.exploit-db.com/exploits/43322/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43322/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/11/30/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/11/30/3" }, { "reference_url": "http://www.securityfocus.com/bid/102124", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102124" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524284", "reference_id": "1524284", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524284" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883320", "reference_id": "883320", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883320" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "http://bugzilla.maptools.org/show_bug.cgi?id=2750", "reference_id": "CVE-2017-17095", "reference_type": "exploit", "scores": [], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2750" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/43322.txt", "reference_id": "CVE-2017-17095", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/43322.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17095", "reference_id": "CVE-2017-17095", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17095" }, { "reference_url": "https://security.gentoo.org/glsa/202003-25", "reference_id": "GLSA-202003-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6575", "reference_id": "RHSA-2023:6575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4658", "reference_id": "RHSA-2025:4658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4658" }, { "reference_url": "https://usn.ubuntu.com/3606-1/", "reference_id": "USN-3606-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3606-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-17095" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7w1-k9zt-qkab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63805?format=api", "vulnerability_id": "VCID-ywac-4ng8-6uhc", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12944.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12944.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72854", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73093", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73032", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73085", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72861", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72881", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72894", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72908", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72933", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72916", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.7291", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72951", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72954", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72995", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73005", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73002", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.72996", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73022", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73047", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0074", "scoring_system": "epss", "scoring_elements": "0.73009", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487202", "reference_id": "1487202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872607", "reference_id": "872607", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872607" }, { "reference_url": "https://usn.ubuntu.com/3602-1/", "reference_id": "USN-3602-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3602-1/" }, { "reference_url": "https://usn.ubuntu.com/3606-1/", "reference_id": "USN-3606-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3606-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035541?format=api", "purl": "pkg:deb/debian/tiff@4.0.3-12.3%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1cjh-zx12-2fh2" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1dhy-s5x3-fuf7" }, { "vulnerability": "VCID-1j12-qxks-wkdh" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1pbp-smgt-duey" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-255p-pm39-1bb3" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-28t9-d8gb-b3h9" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2e1s-2q8y-h3er" }, { "vulnerability": "VCID-2hvh-x482-5qhw" }, { "vulnerability": "VCID-2qg1-nxq2-jkht" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-36t6-pnx8-xugd" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3rd2-fv4n-tybf" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-43cd-stdq-pbc9" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45tr-e5rv-6uch" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4e6e-nkkd-j3ef" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5h29-wne5-gbd7" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-5t8u-vcjy-t7hx" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6ngq-ungb-sycm" }, { "vulnerability": "VCID-6q62-2xsj-6kgp" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7a2s-a1kp-wke1" }, { "vulnerability": "VCID-7dzd-xznd-jug7" }, { "vulnerability": "VCID-7fes-a88m-q3ft" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-7xr6-sn1k-t7cw" }, { "vulnerability": "VCID-81ew-t25a-f7gq" }, { "vulnerability": "VCID-83hb-ksrb-yyb5" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-8f48-6u7s-xyht" }, { "vulnerability": "VCID-8kgw-n4zx-uqa8" }, { "vulnerability": "VCID-98zm-dbqt-g3eg" }, { "vulnerability": "VCID-9bfu-xyxk-xuek" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-9h6w-8dqt-23fr" }, { "vulnerability": "VCID-9hyt-7jsq-vqc5" }, { "vulnerability": "VCID-a1hq-fqkv-u7d9" }, { "vulnerability": "VCID-a3ze-kdhc-muht" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ajwe-qvmr-aqgs" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-b6cu-zk51-hkdv" }, { "vulnerability": "VCID-baha-p74p-rff4" }, { "vulnerability": "VCID-bap5-5e3b-8qea" }, { "vulnerability": "VCID-bf8s-peku-2uht" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-ceb4-e5mz-4fbp" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cswr-9c4x-xyg8" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-czxa-qesr-gfh5" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-dkbt-62ad-bqdq" }, { "vulnerability": "VCID-dxtf-qzfj-k3aq" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-fc93-fu34-37cx" }, { "vulnerability": "VCID-g2kq-ch6c-nubm" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gg7k-u39a-kqbw" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-gp1w-v49g-j3aw" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-h7df-pn57-byhx" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-hfrr-s8ge-z7hx" }, { "vulnerability": "VCID-hzcx-8haz-73fn" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-jr5v-vzng-nbcb" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-m79s-k9bt-akfc" }, { "vulnerability": "VCID-m7mp-g37h-p3g9" }, { "vulnerability": "VCID-mb38-6e5v-fbah" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-mqad-tkgf-r3ag" }, { "vulnerability": "VCID-mwb4-9fjj-qyfs" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-n5xz-y6bx-myfr" }, { "vulnerability": "VCID-n614-w2nh-rqbe" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-nyjs-ay8u-13gx" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-p9pe-czsr-9uhu" }, { "vulnerability": "VCID-pczq-1huj-p7hf" }, { "vulnerability": "VCID-pf5w-eted-9kc9" }, { "vulnerability": "VCID-phyw-fvec-1kan" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-pz1t-b538-mbhy" }, { "vulnerability": "VCID-qbff-swap-1uf6" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-qy8p-meqk-8yej" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-rqmj-ns2c-jbh4" }, { "vulnerability": "VCID-rspm-rpj5-8qfj" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s2xb-r3c7-7fc4" }, { "vulnerability": "VCID-s4k8-v3sj-23fw" }, { "vulnerability": "VCID-s7s4-ux2t-3yc5" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-sj4y-jbfp-uua3" }, { "vulnerability": "VCID-spqg-q1z6-pyex" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-u1mj-pxtw-7qet" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vn6c-kuq7-k3hv" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vxd8-dh75-fqah" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wes8-vrs4-gygk" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wpd2-zcyv-s7g8" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x91e-13q2-yked" }, { "vulnerability": "VCID-x9hb-1bes-k3hy" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xg5z-jss1-3ycp" }, { "vulnerability": "VCID-xg6v-katm-67et" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-xx3b-d12j-8qc4" }, { "vulnerability": "VCID-y7zh-9g8h-z3ce" }, { "vulnerability": "VCID-ytpu-tcxj-guex" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-z4fp-77gf-gydw" }, { "vulnerability": "VCID-zd2w-uhnu-x3an" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.3-12.3%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036987?format=api", "purl": "pkg:deb/debian/tiff@4.0.8-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1asc-7axg-6ben" }, { "vulnerability": "VCID-1csm-m3wq-tbck" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-1rsr-q1uf-ekav" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-39ee-trms-qkes" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-45zg-bst2-byff" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4n8m-6c1e-f7ba" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-7jpu-rtje-mke4" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-aa6m-3c5d-hfat" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-at8c-pabb-z3d5" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-d3ym-a4bv-ybaz" }, { "vulnerability": "VCID-dh5n-3ubj-1uhu" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-f1g1-tv8m-pudk" }, { "vulnerability": "VCID-f2ar-xeec-1bfs" }, { "vulnerability": "VCID-g55a-2qfb-kkev" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h4fa-k99r-zqdh" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-hbvy-33n2-vqdz" }, { "vulnerability": "VCID-j7hm-kkvp-uqex" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-jfme-eq8v-afht" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-nnvs-e9na-p7fu" }, { "vulnerability": "VCID-p3k1-dpdf-e3f3" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-prsj-fsuv-4ucy" }, { "vulnerability": "VCID-pxhu-5vet-77f1" }, { "vulnerability": "VCID-qez8-xv6h-e3hx" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-r4k1-psbb-53gd" }, { "vulnerability": "VCID-r8kc-zrjf-5ycv" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-rn1a-sww4-bffd" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-sefx-74dq-pqe1" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wk1z-n789-n7cg" }, { "vulnerability": "VCID-wuzx-t7h4-uqa8" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x7w1-k9zt-qkab" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-ywac-4ng8-6uhc" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.0.8-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" } ], "aliases": [ "CVE-2017-12944" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywac-4ng8-6uhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13224?format=api", "vulnerability_id": "VCID-zedn-437q-47b2", "summary": "Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10258", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10534", "published_at": "2026-05-15T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10432", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10475", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10531", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10378", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1033", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10466", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10463", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10441", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1031", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10282", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10413", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10359", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1035", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10292", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10239", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10385", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10455", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/385" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "reference_id": "2064406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064406" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865", "reference_id": "CVE-2022-0865", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json", "reference_id": "CVE-2022-0865.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037853?format=api", "purl": "pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15g8-3ryu-h3ga" }, { "vulnerability": "VCID-1mh3-q3y5-qyg1" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-25fx-7kmb-fqhm" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-2u8w-cy3j-9fen" }, { "vulnerability": "VCID-3wfj-nc9t-xfgp" }, { "vulnerability": "VCID-44ee-ueju-ykae" }, { "vulnerability": "VCID-44zu-mtmq-57cm" }, { "vulnerability": "VCID-48tr-y71p-7fbb" }, { "vulnerability": "VCID-4egk-vvjq-dyhw" }, { "vulnerability": "VCID-4mq7-s2p6-yufr" }, { "vulnerability": "VCID-4pys-mah6-hfh6" }, { "vulnerability": "VCID-4srx-3gbk-eqd3" }, { "vulnerability": "VCID-5mak-1mkk-wkdg" }, { "vulnerability": "VCID-6cry-skqu-zke9" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-6kck-g3z6-cuge" }, { "vulnerability": "VCID-6sb9-u71x-j7f5" }, { "vulnerability": "VCID-6sx9-1yfw-63cg" }, { "vulnerability": "VCID-6wzx-7a3m-ufhm" }, { "vulnerability": "VCID-72yx-48n1-jbfs" }, { "vulnerability": "VCID-76g4-kacn-7yg7" }, { "vulnerability": "VCID-8691-q4h3-eyaf" }, { "vulnerability": "VCID-9gqh-2uat-93c7" }, { "vulnerability": "VCID-ap6w-9c6j-akdp" }, { "vulnerability": "VCID-as9s-4ugc-ukgy" }, { "vulnerability": "VCID-b33v-b6h4-cqfe" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-bnbg-7q6h-8uhs" }, { "vulnerability": "VCID-cbhv-yme7-buby" }, { "vulnerability": "VCID-cm5h-b1g9-tkg9" }, { "vulnerability": "VCID-cw7d-us77-2fhv" }, { "vulnerability": "VCID-cwen-8yyj-x3aw" }, { "vulnerability": "VCID-e6c2-ajs1-abdz" }, { "vulnerability": "VCID-gmhp-4yx2-gfbv" }, { "vulnerability": "VCID-h6gn-kv5x-bbd5" }, { "vulnerability": "VCID-jdv4-3mf6-93hm" }, { "vulnerability": "VCID-ju1t-bhyh-v7du" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-kpq7-5vsv-pucy" }, { "vulnerability": "VCID-mhwh-tsst-cfaj" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-pkdx-ktz1-mbbg" }, { "vulnerability": "VCID-pnpt-r4ke-fufh" }, { "vulnerability": "VCID-qsrb-hf2u-tudp" }, { "vulnerability": "VCID-rmap-8g2y-abdc" }, { "vulnerability": "VCID-ruhz-ty5e-nkgr" }, { "vulnerability": "VCID-s95z-s4sd-cffs" }, { "vulnerability": "VCID-tddn-m5ke-euas" }, { "vulnerability": "VCID-tfyj-y9q3-t3ar" }, { "vulnerability": "VCID-tg7w-mbkg-7uhj" }, { "vulnerability": "VCID-tgf9-ax81-fub4" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ucr1-vp5p-jqck" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vu6r-464p-4ue3" }, { "vulnerability": "VCID-vzr7-wz88-h7gx" }, { "vulnerability": "VCID-wza2-4rcj-hkcd" }, { "vulnerability": "VCID-x9xf-wuyn-6ffg" }, { "vulnerability": "VCID-xmwn-vxux-h7g3" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" }, { "vulnerability": "VCID-zedn-437q-47b2" }, { "vulnerability": "VCID-zwbu-yezc-4yck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994556?format=api", "purl": "pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hfc-b4qr-jqgk" }, { "vulnerability": "VCID-1nme-2pjx-q7hp" }, { "vulnerability": "VCID-2ds7-xq64-9ue2" }, { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-6dt6-ppka-b3ct" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-h9ap-xxmw-j7dr" }, { "vulnerability": "VCID-k8kt-55y9-qyac" }, { "vulnerability": "VCID-n3ta-dm1y-gya5" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-ndwc-beev-43ck" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ua38-ur2u-eues" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-v4rx-c1w4-pbb3" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-vrtj-45t6-cqec" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" }, { "vulnerability": "VCID-z1vf-mhw2-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5" } ], "aliases": [ "CVE-2022-0865" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zedn-437q-47b2" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4" }