Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/451596?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "type": "apk", "namespace": "alpine", "name": "tiff", "version": "4.3.0-r1", "qualifiers": { "arch": "riscv64", "distroversion": "v3.21", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.4.0-r0", "latest_non_vulnerable_version": "4.7.1-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13265?format=api", "vulnerability_id": "VCID-25fx-7kmb-fqhm", "summary": "Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17922", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18128", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18072", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18084", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17999", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18082", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18222", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24564", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24601", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24438", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/278" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", "reference_id": "2064148", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064148" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924", "reference_id": "CVE-2022-0924", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0924" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json", "reference_id": "CVE-2022-0924.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0924" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13252?format=api", "vulnerability_id": "VCID-4mq7-s2p6-yufr", "summary": "Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42924", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4282", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42901", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43015", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42952", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43002", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43036", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42985", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43045", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43033", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/392" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064143", "reference_id": "2064143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064143" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907", "reference_id": "CVE-2022-0907", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json", "reference_id": "CVE-2022-0907.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0907" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12870?format=api", "vulnerability_id": "VCID-5mak-1mkk-wkdg", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18283", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18404", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1844", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18326", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18505", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27915", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", "reference_id": "2054494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054494" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561", "reference_id": "CVE-2022-0561", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0561" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json", "reference_id": "CVE-2022-0561.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0561" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13267?format=api", "vulnerability_id": "VCID-gmhp-4yx2-gfbv", "summary": "Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42396", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42254", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42341", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42337", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42497", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42435", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42486", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42495", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42518", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42451", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42476", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/393" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", "reference_id": "2064146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064146" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909", "reference_id": "CVE-2022-0909", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json", "reference_id": "CVE-2022-0909.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0909" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13221?format=api", "vulnerability_id": "VCID-h6gn-kv5x-bbd5", "summary": "Out-of-bounds Write\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08054", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08185", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08139", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08082", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08105", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08179", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08041", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08026", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/380" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", "reference_id": "2064411", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064411" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891", "reference_id": "CVE-2022-0891", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0891" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json", "reference_id": "CVE-2022-0891.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0891" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13250?format=api", "vulnerability_id": "VCID-kpq7-5vsv-pucy", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10543", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10569", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10703", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10653", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10651", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10609", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10737", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10752", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10696", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10558", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10575", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/383" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", "reference_id": "2064145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064145" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908", "reference_id": "CVE-2022-0908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json", "reference_id": "CVE-2022-0908.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0908" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12109?format=api", "vulnerability_id": "VCID-mhwh-tsst-cfaj", "summary": "Out-of-bounds Read\nLibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18198", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18352", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18253", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18569", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18623", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18466", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18367", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18312", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18325", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/355" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", "reference_id": "2042603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042603" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844", "reference_id": "CVE-2022-22844", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22844" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5523-1/", "reference_id": "USN-5523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-1/" }, { "reference_url": "https://usn.ubuntu.com/5523-2/", "reference_id": "USN-5523-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5523-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-22844" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12866?format=api", "vulnerability_id": "VCID-qsrb-hf2u-tudp", "summary": "NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09639", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09596", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0958", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09473", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09625", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09672", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09497", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09618", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09626", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17853", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17906", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17693", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", "reference_id": "2054495", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054495" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562", "reference_id": "CVE-2022-0562", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0562" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json", "reference_id": "CVE-2022-0562.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0562" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266466?format=api", "vulnerability_id": "VCID-qwf8-kycx-nfd2", "summary": "The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.", "references": [ { "reference_url": "https://alas.aws.amazon.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://alas.aws.amazon.com/" }, { "reference_url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3386", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3445", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34478", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34345", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34387", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34416", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34419", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34356", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3439", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34377", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34336", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33964", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33944", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34266" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34266", "reference_id": "CVE-2022-34266", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34266" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-34266" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwf8-kycx-nfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13224?format=api", "vulnerability_id": "VCID-zedn-437q-47b2", "summary": "Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10258", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10292", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10413", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10359", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1035", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10378", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1033", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10466", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10463", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10441", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1031", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10282", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/385" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", "reference_id": "2064406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064406" }, { "reference_url": "https://security.archlinux.org/ASA-202204-6", "reference_id": "ASA-202204-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-6" }, { "reference_url": "https://security.archlinux.org/AVG-2658", "reference_id": "AVG-2658", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2658" }, { "reference_url": "https://security.archlinux.org/AVG-2659", "reference_id": "AVG-2659", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2659" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865", "reference_id": "CVE-2022-0865", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0865" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json", "reference_id": "CVE-2022-0865.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json" }, { "reference_url": "https://security.gentoo.org/glsa/202210-10", "reference_id": "GLSA-202210-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7585", "reference_id": "RHSA-2022:7585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8194", "reference_id": "RHSA-2022:8194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8194" }, { "reference_url": "https://usn.ubuntu.com/5421-1/", "reference_id": "USN-5421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/451596?format=api", "purl": "pkg:apk/alpine/tiff@4.3.0-r1?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2022-0865" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zedn-437q-47b2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/tiff@4.3.0-r1%3Farch=riscv64&distroversion=v3.21&reponame=main" }