{"url":"http://public2.vulnerablecode.io/api/packages/1097103?format=json","purl":"pkg:apk/alpine/libexif@0.6.26-r0?arch=aarch64&distroversion=v3.23&reponame=community","type":"apk","namespace":"alpine","name":"libexif","version":"0.6.26-r0","qualifiers":{"arch":"aarch64","distroversion":"v3.23","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62882?format=json","vulnerability_id":"VCID-6jqb-s4w9-y3af","summary":"libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40385.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40385","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03638","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03669","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03662","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05281","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133922","reference_id":"1133922","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133922"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457687","reference_id":"2457687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457687"},{"reference_url":"https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58","reference_id":"93003b93e50b3d259bd2227d8775b73a53c35d58","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:18:42Z/"}],"url":"https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20929","reference_id":"RHSA-2026:20929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22553","reference_id":"RHSA-2026:22553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1097103?format=json","purl":"pkg:apk/alpine/libexif@0.6.26-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.26-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-40385"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jqb-s4w9-y3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64897?format=json","vulnerability_id":"VCID-huqq-ss1g-jue2","summary":"libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32775.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32775","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00821","published_at":"2026-06-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00822","published_at":"2026-06-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00828","published_at":"2026-06-06T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00825","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131116","reference_id":"1131116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131116"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447881","reference_id":"2447881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447881"},{"reference_url":"https://github.com/libexif/libexif/issues/247","reference_id":"247","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-16T13:45:37Z/"}],"url":"https://github.com/libexif/libexif/issues/247"},{"reference_url":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","reference_id":"7df372e9d31d7c993a22b913c813a5f7ec4f3692","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-16T13:45:37Z/"}],"url":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1097103?format=json","purl":"pkg:apk/alpine/libexif@0.6.26-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.26-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-32775"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huqq-ss1g-jue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62881?format=json","vulnerability_id":"VCID-kmqk-uta9-83e7","summary":"libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40386.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40386","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00458","published_at":"2026-06-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00464","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00461","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00714","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133923","reference_id":"1133923","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133923"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457689","reference_id":"2457689","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457689"},{"reference_url":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b","reference_id":"dc6eac6e9655d14d0779d99e82d0f5f442d2f34b","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:18:57Z/"}],"url":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20929","reference_id":"RHSA-2026:20929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22529","reference_id":"RHSA-2026:22529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22553","reference_id":"RHSA-2026:22553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1097103?format=json","purl":"pkg:apk/alpine/libexif@0.6.26-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.26-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-40386"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmqk-uta9-83e7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libexif@0.6.26-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"}