{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"exiv2","version":"0.27.2-r0","qualifiers":{"arch":"s390x","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.27.2-r2","latest_non_vulnerable_version":"0.28.6-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35374?format=json","vulnerability_id":"VCID-2mmu-fyex-z3cs","summary":"http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13114.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13114","reference_id":"","reference_type":"","scores":[{"value":"0.02568","scoring_system":"epss","scoring_elements":"0.85835","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02568","scoring_system":"epss","scoring_elements":"0.85816","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02568","scoring_system":"epss","scoring_elements":"0.85838","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02568","scoring_system":"epss","scoring_elements":"0.8584","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02568","scoring_system":"epss","scoring_elements":"0.85837","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02568","scoring_system":"epss","scoring_elements":"0.85821","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13114"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/Exiv2/exiv2/issues/793","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://github.com/Exiv2/exiv2/issues/793"},{"reference_url":"https://github.com/Exiv2/exiv2/pull/815","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://github.com/Exiv2/exiv2/pull/815"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"},{"reference_url":"https://support.f5.com/csp/article/K45429077?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://support.f5.com/csp/article/K45429077?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://usn.ubuntu.com/4056-1/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://usn.ubuntu.com/4056-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728494","reference_id":"1728494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1577","reference_id":"RHSA-2020:1577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-13114","PYSEC-2019-257"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mmu-fyex-z3cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66995?format=json","vulnerability_id":"VCID-bgxg-8s1g-ffdf","summary":"A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13110.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13110","reference_id":"","reference_type":"","scores":[{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.806","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80626","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80628","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80625","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80621","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01379","scoring_system":"epss","scoring_elements":"0.80641","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13110"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728486","reference_id":"1728486","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-13110"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgxg-8s1g-ffdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66990?format=json","vulnerability_id":"VCID-mead-7gnc-97g8","summary":"An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13108.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13108.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13108","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50539","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50601","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50608","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50588","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50558","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50574","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13108"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728481","reference_id":"1728481","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728481"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-13108"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mead-7gnc-97g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66997?format=json","vulnerability_id":"VCID-njc6-a4sc-73d7","summary":"A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13111.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13111","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50942","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51004","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51009","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50989","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50959","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50976","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728488","reference_id":"1728488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1577","reference_id":"RHSA-2020:1577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-13111"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njc6-a4sc-73d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67002?format=json","vulnerability_id":"VCID-q7uj-vm5u-cqej","summary":"Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13113.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13113","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44789","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44859","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44865","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44844","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44815","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44826","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13113"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728492","reference_id":"1728492","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1577","reference_id":"RHSA-2020:1577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-13113"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7uj-vm5u-cqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67000?format=json","vulnerability_id":"VCID-v6kx-dq2g-97hv","summary":"A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13112.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13112","reference_id":"","reference_type":"","scores":[{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.82562","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.8259","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.82589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.82587","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.8258","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.82593","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13112"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728490","reference_id":"1728490","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1577","reference_id":"RHSA-2020:1577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-13112"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6kx-dq2g-97hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66992?format=json","vulnerability_id":"VCID-xk1t-2cbw-6kf4","summary":"An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13109.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13109.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13109","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60933","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60981","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60989","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60978","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60962","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60977","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13109"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728484","reference_id":"1728484","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1577","reference_id":"RHSA-2020:1577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364362?format=json","purl":"pkg:apk/alpine/exiv2@0.27.2-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-13109"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xk1t-2cbw-6kf4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.2-r0%3Farch=s390x&distroversion=edge&reponame=community"}