Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
Type apk
Namespace alpine
Name exiv2
Version 0.27.5-r0
Qualifiers
arch aarch64
distroversion v3.19
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 0.28.1-r0
Latest_non_vulnerable_version 0.28.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1t62-2vkz-skcs
vulnerability_id VCID-1t62-2vkz-skcs
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37619.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37619.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37619
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.2254
published_at 2026-06-04T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22521
published_at 2026-06-09T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22564
published_at 2026-06-07T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22516
published_at 2026-06-08T12:55:00Z
4
value 0.00074
scoring_system epss
scoring_elements 0.22624
published_at 2026-06-05T12:55:00Z
5
value 0.00074
scoring_system epss
scoring_elements 0.22609
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37619
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37619
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37619
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992174
reference_id 1992174
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992174
5
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
6
reference_url https://access.redhat.com/errata/RHSA-2021:4173
reference_id RHSA-2021:4173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4173
7
reference_url https://access.redhat.com/errata/RHSA-2021:4319
reference_id RHSA-2021:4319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4319
8
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37619
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1t62-2vkz-skcs
1
url VCID-3kgu-nrdb-m3ac
vulnerability_id VCID-3kgu-nrdb-m3ac
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32815.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32815
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.29992
published_at 2026-06-09T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30001
published_at 2026-06-04T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30073
published_at 2026-06-05T12:55:00Z
3
value 0.00117
scoring_system epss
scoring_elements 0.29979
published_at 2026-06-08T12:55:00Z
4
value 0.00117
scoring_system epss
scoring_elements 0.30006
published_at 2026-06-07T12:55:00Z
5
value 0.00117
scoring_system epss
scoring_elements 0.30037
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32815
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/pull/1739
reference_id 1739
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T20:00:12Z/
url https://github.com/Exiv2/exiv2/pull/1739
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992198
reference_id 1992198
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992198
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992705
reference_id 992705
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992705
7
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
8
reference_url https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
reference_id GHSA-mv9g-fxh2-m49m
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-03T20:00:12Z/
url https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
9
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-32815
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kgu-nrdb-m3ac
2
url VCID-3r93-j9jp-v3ec
vulnerability_id VCID-3r93-j9jp-v3ec
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37618.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37618.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37618
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.2254
published_at 2026-06-04T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22521
published_at 2026-06-09T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22564
published_at 2026-06-07T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22516
published_at 2026-06-08T12:55:00Z
4
value 0.00074
scoring_system epss
scoring_elements 0.22624
published_at 2026-06-05T12:55:00Z
5
value 0.00074
scoring_system epss
scoring_elements 0.22609
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37618
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37618
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992165
reference_id 1992165
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992165
5
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
6
reference_url https://access.redhat.com/errata/RHSA-2021:4173
reference_id RHSA-2021:4173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4173
7
reference_url https://access.redhat.com/errata/RHSA-2021:4319
reference_id RHSA-2021:4319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4319
8
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37618
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3r93-j9jp-v3ec
3
url VCID-4mqj-djfg-uqaa
vulnerability_id VCID-4mqj-djfg-uqaa
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37621.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37621.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37621
reference_id
reference_type
scores
0
value 0.00086
scoring_system epss
scoring_elements 0.24789
published_at 2026-06-04T12:55:00Z
1
value 0.00086
scoring_system epss
scoring_elements 0.24765
published_at 2026-06-09T12:55:00Z
2
value 0.00086
scoring_system epss
scoring_elements 0.24815
published_at 2026-06-07T12:55:00Z
3
value 0.00086
scoring_system epss
scoring_elements 0.24758
published_at 2026-06-08T12:55:00Z
4
value 0.00086
scoring_system epss
scoring_elements 0.24884
published_at 2026-06-05T12:55:00Z
5
value 0.00086
scoring_system epss
scoring_elements 0.24873
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37621
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37621
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37621
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992183
reference_id 1992183
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992183
5
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
6
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37621
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mqj-djfg-uqaa
4
url VCID-54gp-41sp-bkgu
vulnerability_id VCID-54gp-41sp-bkgu
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34335.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34335.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34335
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22646
published_at 2026-06-04T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22624
published_at 2026-06-09T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22669
published_at 2026-06-07T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22622
published_at 2026-06-08T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.2273
published_at 2026-06-05T12:55:00Z
5
value 0.00075
scoring_system epss
scoring_elements 0.22715
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34335
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34335
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992210
reference_id 1992210
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992210
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992707
reference_id 992707
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992707
6
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
7
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-34335
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54gp-41sp-bkgu
5
url VCID-6tm3-gvhz-mkhe
vulnerability_id VCID-6tm3-gvhz-mkhe
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37620.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37620.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37620
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24688
published_at 2026-06-04T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.2467
published_at 2026-06-09T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24719
published_at 2026-06-07T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24661
published_at 2026-06-08T12:55:00Z
4
value 0.00085
scoring_system epss
scoring_elements 0.24788
published_at 2026-06-05T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24776
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37620
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37620
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37620
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992180
reference_id 1992180
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992180
5
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
6
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
7
reference_url https://usn.ubuntu.com/5043-2/
reference_id USN-5043-2
reference_type
scores
url https://usn.ubuntu.com/5043-2/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37620
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tm3-gvhz-mkhe
6
url VCID-797c-wwr1-rbf7
vulnerability_id VCID-797c-wwr1-rbf7
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34334.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34334.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34334
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.2936
published_at 2026-06-07T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29339
published_at 2026-06-09T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29394
published_at 2026-06-06T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29326
published_at 2026-06-08T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29429
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34334
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34334
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34334
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992202
reference_id 1992202
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992202
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992706
reference_id 992706
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992706
6
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
7
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-34334
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-797c-wwr1-rbf7
7
url VCID-7gz2-7a66-nufw
vulnerability_id VCID-7gz2-7a66-nufw
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37616.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37616.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37616
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22646
published_at 2026-06-04T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22624
published_at 2026-06-09T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22669
published_at 2026-06-07T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22622
published_at 2026-06-08T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.2273
published_at 2026-06-05T12:55:00Z
5
value 0.00075
scoring_system epss
scoring_elements 0.22715
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37616
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37616
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37616
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992206
reference_id 1992206
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992206
5
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
6
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37616
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gz2-7a66-nufw
8
url VCID-mztb-xcbm-u7gq
vulnerability_id VCID-mztb-xcbm-u7gq
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37622.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37622.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37622
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.2936
published_at 2026-06-07T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29339
published_at 2026-06-09T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29394
published_at 2026-06-06T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29326
published_at 2026-06-08T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29429
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37622
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37622
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992186
reference_id 1992186
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992186
5
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
6
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37622
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mztb-xcbm-u7gq
9
url VCID-ty5c-c1dk-8ua4
vulnerability_id VCID-ty5c-c1dk-8ua4
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37623.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37623.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37623
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25923
published_at 2026-06-04T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.25922
published_at 2026-06-09T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.25975
published_at 2026-06-07T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.25917
published_at 2026-06-08T12:55:00Z
4
value 0.00092
scoring_system epss
scoring_elements 0.26026
published_at 2026-06-05T12:55:00Z
5
value 0.00092
scoring_system epss
scoring_elements 0.2602
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37623
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37623
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37623
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992190
reference_id 1992190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992190
5
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
6
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37623
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty5c-c1dk-8ua4
10
url VCID-y6kn-daku-1ug6
vulnerability_id VCID-y6kn-daku-1ug6
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37615.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37615
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.26869
published_at 2026-06-04T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.26878
published_at 2026-06-09T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.26971
published_at 2026-06-05T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.26962
published_at 2026-06-06T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.26924
published_at 2026-06-07T12:55:00Z
5
value 0.00098
scoring_system epss
scoring_elements 0.26871
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37615
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37615
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37615
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/pull/1758
reference_id 1758
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T15:55:52Z/
url https://github.com/Exiv2/exiv2/pull/1758
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992213
reference_id 1992213
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992213
6
reference_url https://security.archlinux.org/AVG-2265
reference_id AVG-2265
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2265
7
reference_url https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
reference_id GHSA-h9x9-4f77-336w
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T15:55:52Z/
url https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
8
reference_url https://usn.ubuntu.com/5043-1/
reference_id USN-5043-1
reference_type
scores
url https://usn.ubuntu.com/5043-1/
fixed_packages
0
url pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/exiv2@0.27.5-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2021-37615
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6kn-daku-1ug6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/exiv2@0.27.5-r0%3Farch=aarch64&distroversion=v3.19&reponame=community