{"url":"http://public2.vulnerablecode.io/api/packages/43351?format=json","purl":"pkg:conan/libtiff@4.3.0","type":"conan","namespace":"","name":"libtiff","version":"4.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.7.0","latest_non_vulnerable_version":"4.7.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14383?format=json","vulnerability_id":"VCID-1mh3-q3y5-qyg1","summary":"Out-of-bounds Read\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1622","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28448","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27971","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27969","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2799","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28542","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28585","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28387","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28495","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28497","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28405","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2842","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28398","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28345","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28107","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28028","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27869","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27933","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27959","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27874","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27895","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/410","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/410"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084269","reference_id":"2084269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084269"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1622","reference_id":"CVE-2022-1622","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1622"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json","reference_id":"CVE-2022-1622.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-1622"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mh3-q3y5-qyg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13265?format=json","vulnerability_id":"VCID-25fx-7kmb-fqhm","summary":"Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0924","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18072","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18166","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18222","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18226","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18179","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18084","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18023","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17999","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17775","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17867","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18082","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18837","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18797","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18829","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18933","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1893","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18945","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24564","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24601","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/278","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/278"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/311","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064148","reference_id":"2064148","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064148"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0924","reference_id":"CVE-2022-0924","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0924"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json","reference_id":"CVE-2022-0924.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0924"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13252?format=json","vulnerability_id":"VCID-4mq7-s2p6-yufr","summary":"Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0907","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42924","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42842","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4273","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42796","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42816","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42952","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43002","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42969","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42901","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42681","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42757","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42773","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42701","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/392","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/392"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/314","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/314"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064143","reference_id":"2064143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064143"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0907","reference_id":"CVE-2022-0907","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0907"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json","reference_id":"CVE-2022-0907.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0907"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12870?format=json","vulnerability_id":"VCID-5mak-1mkk-wkdg","summary":"NULL Pointer Dereference\nNull source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0561","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18441","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18234","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18334","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.183","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18329","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18423","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1843","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18425","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18557","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18404","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1844","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18342","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18283","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18145","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27971","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27915","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/362","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054494","reference_id":"2054494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054494"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0561","reference_id":"CVE-2022-0561","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0561"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json","reference_id":"CVE-2022-0561.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0561"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13632?format=json","vulnerability_id":"VCID-5r1p-webw-nkcn","summary":"Uncontrolled Resource Consumption\nA vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1210.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1210","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15556","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15344","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15386","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15382","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15327","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15192","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1532","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15405","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1545","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15527","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1554","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15575","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15374","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15475","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15437","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15372","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15296","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1210"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/402","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:14:06Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/402"},{"reference_url":"https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:14:06Z/"}],"url":"https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff"},{"reference_url":"https://vuldb.com/?id.196363","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:14:06Z/"}],"url":"https://vuldb.com/?id.196363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072614","reference_id":"2072614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072614"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1210","reference_id":"CVE-2022-1210","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1210"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:14:06Z/"}],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220513-0005/","reference_id":"ntap-20220513-0005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:14:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220513-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-1210"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5r1p-webw-nkcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14381?format=json","vulnerability_id":"VCID-72yx-48n1-jbfs","summary":"Out-of-bounds Read\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1623","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.55978","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56138","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56047","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56107","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56056","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5608","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56089","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5614","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56157","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56133","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56151","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56865","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56806","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56823","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/410","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/410"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084260","reference_id":"2084260","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084260"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1623","reference_id":"CVE-2022-1623","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1623"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json","reference_id":"CVE-2022-1623.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-1623"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72yx-48n1-jbfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13267?format=json","vulnerability_id":"VCID-gmhp-4yx2-gfbv","summary":"Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0909","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42396","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42251","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42145","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42215","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42226","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42497","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42435","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42495","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42518","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42451","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42476","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42341","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42337","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42254","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4211","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42185","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42201","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42116","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/393","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/393"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/310","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/310"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064146","reference_id":"2064146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064146"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0909","reference_id":"CVE-2022-0909","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0909"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json","reference_id":"CVE-2022-0909.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0909"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13221?format=json","vulnerability_id":"VCID-h6gn-kv5x-bbd5","summary":"Out-of-bounds Write\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0891","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08006","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08298","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08231","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08285","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08287","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08097","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08179","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08041","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08082","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08054","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08155","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08221","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08204","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/380","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/380"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/382","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064411","reference_id":"2064411","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064411"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891","reference_id":"CVE-2022-0891","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json","reference_id":"CVE-2022-0891.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0891"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13532?format=json","vulnerability_id":"VCID-h9ap-xxmw-j7dr","summary":"Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1056.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1056","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17266","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17381","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17272","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17486","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22885","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22901","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22914","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22932","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22929","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23084","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22869","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22864","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22859","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2284","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2292","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/391","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/391"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/307","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/307"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233599","reference_id":"2233599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233599"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1056","reference_id":"CVE-2022-1056","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1056"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json","reference_id":"CVE-2022-1056.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-1056"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9ap-xxmw-j7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13250?format=json","vulnerability_id":"VCID-kpq7-5vsv-pucy","summary":"NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0908","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10543","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10558","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1072","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10703","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10653","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10651","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10569","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10527","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10663","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10687","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10609","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10737","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10752","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11364","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11302","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11269","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11311","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11372","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11413","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/383","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/383"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064145","reference_id":"2064145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064145"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0908","reference_id":"CVE-2022-0908","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0908"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json","reference_id":"CVE-2022-0908.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0908"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12109?format=json","vulnerability_id":"VCID-mhwh-tsst-cfaj","summary":"Out-of-bounds Read\nLibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22844","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18342","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18217","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18245","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18335","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18569","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18623","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18466","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18312","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18352","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18238","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1806","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1815","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18251","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/355","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/355"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/287","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/287"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042603","reference_id":"2042603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042603"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22844","reference_id":"CVE-2022-22844","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22844"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-22844"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12866?format=json","vulnerability_id":"VCID-qsrb-hf2u-tudp","summary":"NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0562","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09829","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09512","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09742","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09718","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09751","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09818","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09813","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09497","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09618","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09626","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09596","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0958","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09473","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09625","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09672","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17853","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17906","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17693","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/362","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054495","reference_id":"2054495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054495"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0562","reference_id":"CVE-2022-0562","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0562"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json","reference_id":"CVE-2022-0562.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0562"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13224?format=json","vulnerability_id":"VCID-zedn-437q-47b2","summary":"Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0865","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10258","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10554","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10475","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10531","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10534","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1033","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10496","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10463","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10441","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10413","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10359","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1035","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10292","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10239","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10385","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10455","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10432","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/385","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/385"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/306","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064406","reference_id":"2064406","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064406"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0865","reference_id":"CVE-2022-0865","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0865"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json","reference_id":"CVE-2022-0865.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0865"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zedn-437q-47b2"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.3.0"}