{"url":"http://public2.vulnerablecode.io/api/packages/187633?format=json","purl":"pkg:rpm/redhat/libtiff@3.5.7-20?arch=1","type":"rpm","namespace":"redhat","name":"libtiff","version":"3.5.7-20","qualifiers":{"arch":"1"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102679?format=json","vulnerability_id":"VCID-4njj-sjhk-wycq","summary":"Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0804.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0804","reference_id":"","reference_type":"","scores":[{"value":"0.19172","scoring_system":"epss","scoring_elements":"0.95473","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19172","scoring_system":"epss","scoring_elements":"0.9548","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0804"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617295","reference_id":"1617295","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617295"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:577","reference_id":"RHSA-2004:577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:021","reference_id":"RHSA-2005:021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:354","reference_id":"RHSA-2005:354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:354"}],"fixed_packages":[],"aliases":["CVE-2004-0804"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4njj-sjhk-wycq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102677?format=json","vulnerability_id":"VCID-bx4n-15rr-4yem","summary":"Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0803.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0803.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0803","reference_id":"","reference_type":"","scores":[{"value":"0.17883","scoring_system":"epss","scoring_elements":"0.95265","published_at":"2026-06-04T12:55:00Z"},{"value":"0.17883","scoring_system":"epss","scoring_elements":"0.95273","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617294","reference_id":"1617294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:577","reference_id":"RHSA-2004:577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:021","reference_id":"RHSA-2005:021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:354","reference_id":"RHSA-2005:354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:354"}],"fixed_packages":[],"aliases":["CVE-2004-0803"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bx4n-15rr-4yem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102684?format=json","vulnerability_id":"VCID-gz4p-s7cb-5qd8","summary":"Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1307.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1307","reference_id":"","reference_type":"","scores":[{"value":"0.05111","scoring_system":"epss","scoring_elements":"0.90008","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05111","scoring_system":"epss","scoring_elements":"0.90024","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1307"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617405","reference_id":"1617405","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:577","reference_id":"RHSA-2004:577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:021","reference_id":"RHSA-2005:021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:021"}],"fixed_packages":[],"aliases":["CVE-2004-1307"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gz4p-s7cb-5qd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102681?format=json","vulnerability_id":"VCID-rvg9-bqhf-r3fg","summary":"Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0886.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0886","reference_id":"","reference_type":"","scores":[{"value":"0.10989","scoring_system":"epss","scoring_elements":"0.93563","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10989","scoring_system":"epss","scoring_elements":"0.93573","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0886"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617314","reference_id":"1617314","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:577","reference_id":"RHSA-2004:577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:021","reference_id":"RHSA-2005:021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:354","reference_id":"RHSA-2005:354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:354"}],"fixed_packages":[],"aliases":["CVE-2004-0886"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvg9-bqhf-r3fg"}],"fixing_vulnerabilities":[],"risk_score":"0.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtiff@3.5.7-20%3Farch=1"}