{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","type":"deb","namespace":"debian","name":"tinyexr","version":"1.0.13+dfsg-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209336?format=json","vulnerability_id":"VCID-75ah-anfj-8ugk","summary":"In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34300","reference_id":"","reference_type":"","scores":[{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.80063","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34300"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014980","reference_id":"1014980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014980"},{"reference_url":"https://usn.ubuntu.com/7913-1/","reference_id":"USN-7913-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7913-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-34300"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75ah-anfj-8ugk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209376?format=json","vulnerability_id":"VCID-9dc8-qr9e-9fde","summary":"tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38529","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38529"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-38529"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dc8-qr9e-9fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219187?format=json","vulnerability_id":"VCID-9sgd-1qep-3qh6","summary":"tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12504","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12504"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12504"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9sgd-1qep-3qh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219190?format=json","vulnerability_id":"VCID-bdvf-1zjt-yycj","summary":"tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18428","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-18428"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdvf-1zjt-yycj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219192?format=json","vulnerability_id":"VCID-gxwx-f77j-1fdf","summary":"tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19490","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37327","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-19490"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxwx-f77j-1fdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219183?format=json","vulnerability_id":"VCID-h4de-3f1e-mbcs","summary":"tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12064","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61321","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12064"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12064"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4de-3f1e-mbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219186?format=json","vulnerability_id":"VCID-p8xc-zzb8-w3am","summary":"tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12503","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61856","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12503"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8xc-zzb8-w3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219189?format=json","vulnerability_id":"VCID-smxy-qwmb-wban","summary":"An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20652","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62419","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20652"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-20652"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smxy-qwmb-wban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219184?format=json","vulnerability_id":"VCID-wjd5-z65x-uffq","summary":"tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12092","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61856","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12092"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12092"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjd5-z65x-uffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219191?format=json","vulnerability_id":"VCID-y1xn-xr9s-jkge","summary":"tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18430","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-18430"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1xn-xr9s-jkge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219185?format=json","vulnerability_id":"VCID-y8z6-z74d-fqda","summary":"tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12093","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12093"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8z6-z74d-fqda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219188?format=json","vulnerability_id":"VCID-zk8b-ne3r-sybk","summary":"tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12688","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61856","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105759?format=json","purl":"pkg:deb/debian/tinyexr@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105760?format=json","purl":"pkg:deb/debian/tinyexr@1.0.0%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.0%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105758?format=json","purl":"pkg:deb/debian/tinyexr@1.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105762?format=json","purl":"pkg:deb/debian/tinyexr@1.0.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105761?format=json","purl":"pkg:deb/debian/tinyexr@1.0.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12688"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zk8b-ne3r-sybk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tinyexr@1.0.13%252Bdfsg-2%3Fdistro=trixie"}