{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"openexr","version":"2.2.1-r0","qualifiers":{"arch":"armv7","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.0-r0","latest_non_vulnerable_version":"3.4.11-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96259?format=json","vulnerability_id":"VCID-3cha-7x64-qbdd","summary":"In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9116.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9116","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63082","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63078","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63065","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6308","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63088","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455540","reference_id":"1455540","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455540"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}],"aliases":["CVE-2017-9116"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cha-7x64-qbdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43715?format=json","vulnerability_id":"VCID-9uvs-zg72-ruc1","summary":"OpenEXR invalid write\nIn OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00060.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00000.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9111.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9111","reference_id":"","reference_type":"","scores":[{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85356","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85378","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85384","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85379","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02402","scoring_system":"epss","scoring_elements":"0.85364","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/AcademySoftwareFoundation/openexr"},{"reference_url":"https://github.com/openexr/openexr/issues/232","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/issues/232"},{"reference_url":"https://github.com/openexr/openexr/pull/233","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/pull/233"},{"reference_url":"https://github.com/openexr/openexr/releases/tag/v2.2.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/releases/tag/v2.2.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"},{"reference_url":"https://usn.ubuntu.com/4148-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4148-1"},{"reference_url":"https://usn.ubuntu.com/4339-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4339-1"},{"reference_url":"https://www.debian.org/security/2020/dsa-4755","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4755"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/05/12/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2017/05/12/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455528","reference_id":"1455528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885","reference_id":"873885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9111","reference_id":"CVE-2017-9111","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9111"},{"reference_url":"https://github.com/advisories/GHSA-qxh9-r8xw-7v99","reference_id":"GHSA-qxh9-r8xw-7v99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxh9-r8xw-7v99"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}],"aliases":["CVE-2017-9111","GHSA-qxh9-r8xw-7v99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uvs-zg72-ruc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96258?format=json","vulnerability_id":"VCID-9xsw-9z5g-b3b3","summary":"In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9115.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9115","reference_id":"","reference_type":"","scores":[{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86282","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86304","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86306","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.86302","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02756","scoring_system":"epss","scoring_elements":"0.8629","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455537","reference_id":"1455537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885","reference_id":"873885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}],"aliases":["CVE-2017-9115"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xsw-9z5g-b3b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43599?format=json","vulnerability_id":"VCID-bpzu-jyex-3ygm","summary":"OpenEXR invalid read\nIn OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9112.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9112","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74343","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74316","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74334","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74347","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74342","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74309","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/AcademySoftwareFoundation/openexr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/AcademySoftwareFoundation/openexr"},{"reference_url":"https://github.com/openexr/openexr/issues/232","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/issues/232"},{"reference_url":"https://github.com/openexr/openexr/pull/233","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/pull/233"},{"reference_url":"https://github.com/openexr/openexr/releases/tag/v2.2.1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openexr/openexr/releases/tag/v2.2.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"},{"reference_url":"https://usn.ubuntu.com/4148-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4148-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/05/12/5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2017/05/12/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455530","reference_id":"1455530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9112","reference_id":"CVE-2017-9112","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9112"},{"reference_url":"https://github.com/advisories/GHSA-8m57-j273-2qg9","reference_id":"GHSA-8m57-j273-2qg9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m57-j273-2qg9"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}],"aliases":["CVE-2017-9112","GHSA-8m57-j273-2qg9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpzu-jyex-3ygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96255?format=json","vulnerability_id":"VCID-dun1-9d71-3ydd","summary":"In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9110.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9110","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.6429","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64341","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64332","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64321","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64335","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64343","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455526","reference_id":"1455526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455526"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}],"aliases":["CVE-2017-9110"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dun1-9d71-3ydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96257?format=json","vulnerability_id":"VCID-svb6-ngpk-ryar","summary":"In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9114.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9114","reference_id":"","reference_type":"","scores":[{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69488","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69532","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69524","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69512","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69526","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69534","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455535","reference_id":"1455535","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455535"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078","reference_id":"864078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}],"aliases":["CVE-2017-9114"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svb6-ngpk-ryar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96256?format=json","vulnerability_id":"VCID-vscr-wzh4-n3dz","summary":"In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9113.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9113","reference_id":"","reference_type":"","scores":[{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85865","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85884","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.8588","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02586","scoring_system":"epss","scoring_elements":"0.85882","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455533","reference_id":"1455533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1455533"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885","reference_id":"873885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885"},{"reference_url":"https://usn.ubuntu.com/4148-1/","reference_id":"USN-4148-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4148-1/"},{"reference_url":"https://usn.ubuntu.com/4339-1/","reference_id":"USN-4339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/407716?format=json","purl":"pkg:apk/alpine/openexr@2.2.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}],"aliases":["CVE-2017-9113"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vscr-wzh4-n3dz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openexr@2.2.1-r0%3Farch=armv7&distroversion=edge&reponame=community"}