{"url":"http://public2.vulnerablecode.io/api/packages/106743?format=json","purl":"pkg:deb/debian/vips@0?distro=trixie","type":"deb","namespace":"debian","name":"vips","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.14.5-2","latest_non_vulnerable_version":"8.18.3-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219239?format=json","vulnerability_id":"VCID-h2cq-8gw3-4qbr","summary":"libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40032","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32472","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32653","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32675","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32651","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40032"},{"reference_url":"https://usn.ubuntu.com/6437-1/","reference_id":"USN-6437-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6437-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106743?format=json","purl":"pkg:deb/debian/vips@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106739?format=json","purl":"pkg:deb/debian/vips@8.10.5-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8946-28v3-6yh7"},{"vulnerability":"VCID-cz3w-5229-yqbb"},{"vulnerability":"VCID-d5bp-3xp3-uygr"},{"vulnerability":"VCID-dfdn-svbh-5uhx"},{"vulnerability":"VCID-jy3m-nthz-g3e6"},{"vulnerability":"VCID-quau-v1s5-b3a4"},{"vulnerability":"VCID-um8m-4ww1-tke3"},{"vulnerability":"VCID-w1c6-b16t-ufcv"},{"vulnerability":"VCID-zcms-g4vq-4bgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.10.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106747?format=json","purl":"pkg:deb/debian/vips@8.14.1-3%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.14.1-3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106737?format=json","purl":"pkg:deb/debian/vips@8.14.1-3%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w1c6-b16t-ufcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.14.1-3%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106748?format=json","purl":"pkg:deb/debian/vips@8.14.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.14.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106741?format=json","purl":"pkg:deb/debian/vips@8.16.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w1c6-b16t-ufcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.16.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106740?format=json","purl":"pkg:deb/debian/vips@8.18.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.18.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1088991?format=json","purl":"pkg:deb/debian/vips@8.18.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.18.3-1%3Fdistro=trixie"}],"aliases":["CVE-2023-40032"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2cq-8gw3-4qbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219238?format=json","vulnerability_id":"VCID-nhw4-ugdt-8qf9","summary":"vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17534","reference_id":"","reference_type":"","scores":[{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.75003","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.75074","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.75086","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.75084","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106743?format=json","purl":"pkg:deb/debian/vips@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106739?format=json","purl":"pkg:deb/debian/vips@8.10.5-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8946-28v3-6yh7"},{"vulnerability":"VCID-cz3w-5229-yqbb"},{"vulnerability":"VCID-d5bp-3xp3-uygr"},{"vulnerability":"VCID-dfdn-svbh-5uhx"},{"vulnerability":"VCID-jy3m-nthz-g3e6"},{"vulnerability":"VCID-quau-v1s5-b3a4"},{"vulnerability":"VCID-um8m-4ww1-tke3"},{"vulnerability":"VCID-w1c6-b16t-ufcv"},{"vulnerability":"VCID-zcms-g4vq-4bgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.10.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106737?format=json","purl":"pkg:deb/debian/vips@8.14.1-3%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w1c6-b16t-ufcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.14.1-3%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106741?format=json","purl":"pkg:deb/debian/vips@8.16.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w1c6-b16t-ufcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.16.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106740?format=json","purl":"pkg:deb/debian/vips@8.18.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.18.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1088991?format=json","purl":"pkg:deb/debian/vips@8.18.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.18.3-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17534"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhw4-ugdt-8qf9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@0%3Fdistro=trixie"}