Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1059999?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "type": "deb", "namespace": "debian", "name": "tiff", "version": "4.7.0-3+deb13u2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.7.1-2", "latest_non_vulnerable_version": "4.7.1-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64440?format=api", "vulnerability_id": "VCID-7zdy-fxq2-p7gf", "summary": "libtiff: libtiff: Denial of service via double free in tiffcrop.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61145.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61145.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02074", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02005", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02001", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01979", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01981", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02066", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0205", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02046", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02022", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02036", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61145" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289", "reference_id": "062f109569196dbffd8ac12020b42289", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:28:55Z/" } ], "url": "https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441975", "reference_id": "2441975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441975" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/736", "reference_id": "736", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:28:55Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/736" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/753", "reference_id": "753", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:28:55Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7504", "reference_id": "RHSA-2026:7504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7504" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2025-61145" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7zdy-fxq2-p7gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64441?format=api", "vulnerability_id": "VCID-9grz-pkwb-3kc5", "summary": "libtiff: libtiff: Denial of Service via buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61144.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08595", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0864", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08637", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08601", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0849", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08625", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08636", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08589", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08624", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/09f53a86cf26dfd961925227e59e180db617f26d", "reference_id": "09f53a86cf26dfd961925227e59e180db617f26d", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/09f53a86cf26dfd961925227e59e180db617f26d" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441977", "reference_id": "2441977", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441977" }, { "reference_url": "https://gist.github.com/optionGo/5ad17e96a0a40f03578dd6c9f8645952", "reference_id": "5ad17e96a0a40f03578dd6c9f8645952", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/" } ], "url": "https://gist.github.com/optionGo/5ad17e96a0a40f03578dd6c9f8645952" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/740", "reference_id": "740", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/740" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/757", "reference_id": "757", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/757" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa", "reference_id": "88cf9dbb48f6e172629795ecffae35d5052f68aa", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7504", "reference_id": "RHSA-2026:7504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7504" }, { "reference_url": "https://usn.ubuntu.com/8113-1/", "reference_id": "USN-8113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/994559?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2025-61144" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9grz-pkwb-3kc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68438?format=api", "vulnerability_id": "VCID-dg96-zmw1-8kcp", "summary": "libtiff: Libtiff Null Pointer Dereference Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8534.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09367", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09354", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09278", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10475", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10445", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1025", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10279", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10408", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13195", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1322", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13091", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13225", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8534" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8534", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386450", "reference_id": "2386450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386450" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b", "reference_id": "6ba36f159fd396ad11bf6b7874554197736ecc8b", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/718", "reference_id": "718", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/718" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/746", "reference_id": "746", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/746" }, { "reference_url": "https://vuldb.com/?ctiid.318664", "reference_id": "?ctiid.318664", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "https://vuldb.com/?ctiid.318664" }, { "reference_url": "https://vuldb.com/?id.318664", "reference_id": "?id.318664", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "https://vuldb.com/?id.318664" }, { "reference_url": "https://vuldb.com/?submit.617831", "reference_id": "?submit.617831", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "https://vuldb.com/?submit.617831" }, { "reference_url": "https://usn.ubuntu.com/7707-1/", "reference_id": "USN-7707-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7707-1/" }, { "reference_url": "https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link", "reference_id": "view?usp=drive_link", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link" }, { "reference_url": "http://www.libtiff.org/", "reference_id": "www.libtiff.org", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/" } ], "url": "http://www.libtiff.org/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/994559?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2025-8534" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dg96-zmw1-8kcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64442?format=api", "vulnerability_id": "VCID-r186-xqyn-ffey", "summary": "libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02099", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02134", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02081", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02077", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02051", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02065", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02149", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02115", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02108", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02106", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0212", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02096", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441978", "reference_id": "2441978", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441978" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/737", "reference_id": "737", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/737" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/755", "reference_id": "755", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/755" }, { "reference_url": "https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa", "reference_id": "9c024cd8e7b131463b84dc60af9bb0aa", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/" } ], "url": "https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7504", "reference_id": "RHSA-2026:7504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7504" }, { "reference_url": "https://usn.ubuntu.com/8113-1/", "reference_id": "USN-8113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/994559?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2025-61143" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r186-xqyn-ffey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68486?format=api", "vulnerability_id": "VCID-sqxq-hg7v-d7gv", "summary": "libtiff: LibTIFF Buffer Overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8177.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05168", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05196", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0527", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05251", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05219", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.065", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06428", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06493", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07471", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07513", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07429", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07461", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8177" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383608", "reference_id": "2383608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383608" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/715", "reference_id": "715", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/715" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/737", "reference_id": "737", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/737" }, { "reference_url": "https://vuldb.com/?ctiid.317591", "reference_id": "?ctiid.317591", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/" } ], "url": "https://vuldb.com/?ctiid.317591" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22", "reference_id": "e8c9d6c616b19438695fd829e58ae4fde5bfbc22", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22" }, { "reference_url": "https://vuldb.com/?id.317591", "reference_id": "?id.317591", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/" } ], "url": "https://vuldb.com/?id.317591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21407", "reference_id": "RHSA-2025:21407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21407" }, { "reference_url": "https://vuldb.com/?submit.621797", "reference_id": "?submit.621797", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/" } ], "url": "https://vuldb.com/?submit.621797" }, { "reference_url": "https://usn.ubuntu.com/7707-1/", "reference_id": "USN-7707-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7707-1/" }, { "reference_url": "http://www.libtiff.org/", "reference_id": "www.libtiff.org", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/" } ], "url": "http://www.libtiff.org/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2025-8177" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqxq-hg7v-d7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64120?format=api", "vulnerability_id": "VCID-ttb7-w41r-4kfn", "summary": "libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09462", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10702", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11774", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1186", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23945", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24077", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23859", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23926", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24038", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26266", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632", "reference_id": "1132632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "reference_id": "2450768", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4775", "reference_id": "CVE-2026-4775", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12265", "reference_id": "RHSA-2026:12265", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:12265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12271", "reference_id": "RHSA-2026:12271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12271" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994557?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38sj-85gt-sfhe" }, { "vulnerability": "VCID-4mhv-7vrm-v7hv" }, { "vulnerability": "VCID-7zdy-fxq2-p7gf" }, { "vulnerability": "VCID-9grz-pkwb-3kc5" }, { "vulnerability": "VCID-a8jf-xmj8-cuh6" }, { "vulnerability": "VCID-b4hb-cxzy-suck" }, { "vulnerability": "VCID-d8kh-h6vs-gqd4" }, { "vulnerability": "VCID-dg96-zmw1-8kcp" }, { "vulnerability": "VCID-ndc5-qn5u-3qbq" }, { "vulnerability": "VCID-r186-xqyn-ffey" }, { "vulnerability": "VCID-rp7t-x7gz-9udg" }, { "vulnerability": "VCID-sqxq-hg7v-d7gv" }, { "vulnerability": "VCID-ttb7-w41r-4kfn" }, { "vulnerability": "VCID-ukgj-45m7-6uba" }, { "vulnerability": "VCID-vju4-pghv-47bx" }, { "vulnerability": "VCID-yfxw-tmnn-byc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2026-4775" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb7-w41r-4kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68487?format=api", "vulnerability_id": "VCID-vju4-pghv-47bx", "summary": "libtiff: LibTIFF Use-After-Free Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04648", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0472", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04686", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06044", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06001", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05993", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06027", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06035", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06901", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06895", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06924", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598", "reference_id": "2383598", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/707", "reference_id": "707", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/707" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727", "reference_id": "727", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727" }, { "reference_url": "https://vuldb.com/?ctiid.317590", "reference_id": "?ctiid.317590", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/" } ], "url": "https://vuldb.com/?ctiid.317590" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172", "reference_id": "fe10872e53efba9cc36c66ac4ab3b41a839d5172", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/" } ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172" }, { "reference_url": "https://vuldb.com/?id.317590", "reference_id": "?id.317590", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/" } ], "url": "https://vuldb.com/?id.317590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19113", "reference_id": "RHSA-2025:19113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19906", "reference_id": "RHSA-2025:19906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20034", "reference_id": "RHSA-2025:20034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20956", "reference_id": "RHSA-2025:20956", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20956" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21407", "reference_id": "RHSA-2025:21407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21507", "reference_id": "RHSA-2025:21507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21508", "reference_id": "RHSA-2025:21508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21994", "reference_id": "RHSA-2025:21994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0001", "reference_id": "RHSA-2026:0001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0076", "reference_id": "RHSA-2026:0076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0077", "reference_id": "RHSA-2026:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0078", "reference_id": "RHSA-2026:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://vuldb.com/?submit.621796", "reference_id": "?submit.621796", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/" } ], "url": "https://vuldb.com/?submit.621796" }, { "reference_url": "https://usn.ubuntu.com/7707-1/", "reference_id": "USN-7707-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7707-1/" }, { "reference_url": "http://www.libtiff.org/", "reference_id": "www.libtiff.org", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/" } ], "url": "http://www.libtiff.org/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068108?format=api", "purl": "pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059999?format=api", "purl": "pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054005?format=api", "purl": "pkg:deb/debian/tiff@4.7.1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2" } ], "aliases": [ "CVE-2025-8176" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vju4-pghv-47bx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2" }