{"url":"http://public2.vulnerablecode.io/api/packages/336579?format=json","purl":"pkg:apk/alpine/openjpeg@2.3.0-r2?arch=aarch64&distroversion=edge&reponame=main","type":"apk","namespace":"alpine","name":"openjpeg","version":"2.3.0-r2","qualifiers":{"arch":"aarch64","distroversion":"edge","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.3.0-r3","latest_non_vulnerable_version":"2.5.3-r1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96783?format=json","vulnerability_id":"VCID-dxxc-m8re-dfd2","summary":"Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14423.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14423","reference_id":"","reference_type":"","scores":[{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81594","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81623","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81633","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81625","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81618","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6616"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1609909","reference_id":"1609909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1609909"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904873","reference_id":"904873","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904873"},{"reference_url":"https://usn.ubuntu.com/4109-1/","reference_id":"USN-4109-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4109-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/336579?format=json","purl":"pkg:apk/alpine/openjpeg@2.3.0-r2?arch=aarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjpeg@2.3.0-r2%3Farch=aarch64&distroversion=edge&reponame=main"}],"aliases":["CVE-2018-14423"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxxc-m8re-dfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96791?format=json","vulnerability_id":"VCID-tk9d-ympm-nqbn","summary":"In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6616.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6616","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52288","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52348","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52355","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52335","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52326","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6616"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542321","reference_id":"1542321","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542321"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889683","reference_id":"889683","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889683"},{"reference_url":"https://usn.ubuntu.com/4109-1/","reference_id":"USN-4109-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4109-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/336579?format=json","purl":"pkg:apk/alpine/openjpeg@2.3.0-r2?arch=aarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjpeg@2.3.0-r2%3Farch=aarch64&distroversion=edge&reponame=main"}],"aliases":["CVE-2018-6616"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk9d-ympm-nqbn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjpeg@2.3.0-r2%3Farch=aarch64&distroversion=edge&reponame=main"}