{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","type":"deb","namespace":"debian","name":"advancecomp","version":"2.5-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209351?format=json","vulnerability_id":"VCID-9hb9-b2m3-vubq","summary":"Advancecomp v2.3 was discovered to contain a segmentation fault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35018.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35018","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34476","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34653","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35018"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592","reference_id":"1019592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127386","reference_id":"2127386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127386"},{"reference_url":"https://usn.ubuntu.com/5838-1/","reference_id":"USN-5838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23077?format=json","purl":"pkg:deb/debian/advancecomp@2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-35018"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hb9-b2m3-vubq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205728?format=json","vulnerability_id":"VCID-bxrc-mhbv-a3es","summary":"An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1056.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1056","reference_id":"","reference_type":"","scores":[{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62197","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62299","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1056"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542333","reference_id":"1542333","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542333"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270","reference_id":"889270","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270"},{"reference_url":"https://usn.ubuntu.com/3570-1/","reference_id":"USN-3570-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3570-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23074?format=json","purl":"pkg:deb/debian/advancecomp@2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23075?format=json","purl":"pkg:deb/debian/advancecomp@2.1-2.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hb9-b2m3-vubq"},{"vulnerability":"VCID-hapb-hky8-2ue5"},{"vulnerability":"VCID-j27n-sht4-2bcz"},{"vulnerability":"VCID-jqxn-8ed3-pfbr"},{"vulnerability":"VCID-rgqv-7yj6-aye9"},{"vulnerability":"VCID-sdv6-xr99-ebhy"},{"vulnerability":"VCID-upby-pudd-jqdt"},{"vulnerability":"VCID-wpkk-h4d3-wqgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.1-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2018-1056"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxrc-mhbv-a3es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207449?format=json","vulnerability_id":"VCID-c7ab-96a1-6bgf","summary":"An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8383.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8383","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54984","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.55105","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8383"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1708563","reference_id":"1708563","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1708563"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928730","reference_id":"928730","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2332","reference_id":"RHSA-2019:2332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2332"},{"reference_url":"https://usn.ubuntu.com/5671-1/","reference_id":"USN-5671-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5671-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23075?format=json","purl":"pkg:deb/debian/advancecomp@2.1-2.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hb9-b2m3-vubq"},{"vulnerability":"VCID-hapb-hky8-2ue5"},{"vulnerability":"VCID-j27n-sht4-2bcz"},{"vulnerability":"VCID-jqxn-8ed3-pfbr"},{"vulnerability":"VCID-rgqv-7yj6-aye9"},{"vulnerability":"VCID-sdv6-xr99-ebhy"},{"vulnerability":"VCID-upby-pudd-jqdt"},{"vulnerability":"VCID-wpkk-h4d3-wqgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.1-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2019-8383"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7ab-96a1-6bgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209348?format=json","vulnerability_id":"VCID-hapb-hky8-2ue5","summary":"Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35015.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35015","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30931","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31127","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35015"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592","reference_id":"1019592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127378","reference_id":"2127378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127378"},{"reference_url":"https://usn.ubuntu.com/5838-1/","reference_id":"USN-5838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23077?format=json","purl":"pkg:deb/debian/advancecomp@2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-35015"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hapb-hky8-2ue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209349?format=json","vulnerability_id":"VCID-j27n-sht4-2bcz","summary":"Advancecomp v2.3 was discovered to contain a heap buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35016.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35016","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30931","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31127","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592","reference_id":"1019592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127380","reference_id":"2127380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127380"},{"reference_url":"https://usn.ubuntu.com/5838-1/","reference_id":"USN-5838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23077?format=json","purl":"pkg:deb/debian/advancecomp@2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-35016"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j27n-sht4-2bcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209350?format=json","vulnerability_id":"VCID-jqxn-8ed3-pfbr","summary":"Advancecomp v2.3 was discovered to contain a heap buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35017.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35017","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27058","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27261","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35017"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592","reference_id":"1019592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127383","reference_id":"2127383","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127383"},{"reference_url":"https://usn.ubuntu.com/5838-1/","reference_id":"USN-5838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23077?format=json","purl":"pkg:deb/debian/advancecomp@2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-35017"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqxn-8ed3-pfbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151213?format=json","vulnerability_id":"VCID-rgqv-7yj6-aye9","summary":"A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2961.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2961","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33537","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33717","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2210768","reference_id":"show_bug.cgi?id=2210768","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T21:24:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2210768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2023-2961"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgqv-7yj6-aye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209347?format=json","vulnerability_id":"VCID-sdv6-xr99-ebhy","summary":"Advancecomp v2.3 contains a segmentation fault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35014.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35014","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29923","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30119","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35014"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592","reference_id":"1019592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127376","reference_id":"2127376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127376"},{"reference_url":"https://usn.ubuntu.com/5838-1/","reference_id":"USN-5838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23077?format=json","purl":"pkg:deb/debian/advancecomp@2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-35014"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdv6-xr99-ebhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207519?format=json","vulnerability_id":"VCID-sznw-27qv-5ffg","summary":"In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9210.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9210","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54789","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54912","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684596","reference_id":"1684596","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684596"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923416","reference_id":"923416","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1037","reference_id":"RHSA-2020:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1037"},{"reference_url":"https://usn.ubuntu.com/3936-1/","reference_id":"USN-3936-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3936-1/"},{"reference_url":"https://usn.ubuntu.com/3936-2/","reference_id":"USN-3936-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3936-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23076?format=json","purl":"pkg:deb/debian/advancecomp@2.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23075?format=json","purl":"pkg:deb/debian/advancecomp@2.1-2.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hb9-b2m3-vubq"},{"vulnerability":"VCID-hapb-hky8-2ue5"},{"vulnerability":"VCID-j27n-sht4-2bcz"},{"vulnerability":"VCID-jqxn-8ed3-pfbr"},{"vulnerability":"VCID-rgqv-7yj6-aye9"},{"vulnerability":"VCID-sdv6-xr99-ebhy"},{"vulnerability":"VCID-upby-pudd-jqdt"},{"vulnerability":"VCID-wpkk-h4d3-wqgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.1-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2019-9210"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sznw-27qv-5ffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209353?format=json","vulnerability_id":"VCID-upby-pudd-jqdt","summary":"Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35020.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35020","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30931","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31127","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35020"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592","reference_id":"1019592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127394","reference_id":"2127394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127394"},{"reference_url":"https://usn.ubuntu.com/5838-1/","reference_id":"USN-5838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23077?format=json","purl":"pkg:deb/debian/advancecomp@2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-35020"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upby-pudd-jqdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207448?format=json","vulnerability_id":"VCID-w22g-kshz-1bdp","summary":"An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8379.json","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8379","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48999","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49136","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8379"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8379","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8379"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1708561","reference_id":"1708561","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1708561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928729","reference_id":"928729","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2332","reference_id":"RHSA-2019:2332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2332"},{"reference_url":"https://usn.ubuntu.com/5671-1/","reference_id":"USN-5671-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5671-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23075?format=json","purl":"pkg:deb/debian/advancecomp@2.1-2.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hb9-b2m3-vubq"},{"vulnerability":"VCID-hapb-hky8-2ue5"},{"vulnerability":"VCID-j27n-sht4-2bcz"},{"vulnerability":"VCID-jqxn-8ed3-pfbr"},{"vulnerability":"VCID-rgqv-7yj6-aye9"},{"vulnerability":"VCID-sdv6-xr99-ebhy"},{"vulnerability":"VCID-upby-pudd-jqdt"},{"vulnerability":"VCID-wpkk-h4d3-wqgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.1-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2019-8379"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w22g-kshz-1bdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209352?format=json","vulnerability_id":"VCID-wpkk-h4d3-wqgm","summary":"Advancecomp v2.3 was discovered to contain a segmentation fault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35019.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35019","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34476","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34653","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35019"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592","reference_id":"1019592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127389","reference_id":"2127389","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127389"},{"reference_url":"https://usn.ubuntu.com/5838-1/","reference_id":"USN-5838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23077?format=json","purl":"pkg:deb/debian/advancecomp@2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23073?format=json","purl":"pkg:deb/debian/advancecomp@2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-35019"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpkk-h4d3-wqgm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/advancecomp@2.5-1%3Fdistro=trixie"}