{"url":"http://public2.vulnerablecode.io/api/packages/46084?format=json","purl":"pkg:conan/libtiff@3.9.0","type":"conan","namespace":"","name":"libtiff","version":"3.9.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.7.0","latest_non_vulnerable_version":"4.7.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18009?format=json","vulnerability_id":"VCID-2ds7-xq64-9ue2","summary":"NULL Pointer Dereference\nA NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3316","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05658","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05735","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05697","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0569","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05721","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06254","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06263","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06282","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06396","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06471","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06483","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06223","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06494","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06513","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06208","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216080","reference_id":"2216080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216080"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/468","reference_id":"468","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/468"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/515","reference_id":"515","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3316","reference_id":"CVE-2023-3316","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3316"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6229-1/","reference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56830?format=json","purl":"pkg:conan/libtiff@4.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.1"}],"aliases":["CVE-2023-3316"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ds7-xq64-9ue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12870?format=json","vulnerability_id":"VCID-5mak-1mkk-wkdg","summary":"NULL Pointer Dereference\nNull source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0561","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18423","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18283","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18145","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18234","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18334","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.183","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18329","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18425","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18557","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18404","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1844","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18342","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27971","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27915","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/362","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054494","reference_id":"2054494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054494"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0561","reference_id":"CVE-2022-0561","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0561"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json","reference_id":"CVE-2022-0561.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0561"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13221?format=json","vulnerability_id":"VCID-h6gn-kv5x-bbd5","summary":"Out-of-bounds Write\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0891","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08006","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08285","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08221","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08204","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08231","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08097","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08179","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08041","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08082","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08054","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08155","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/380","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/380"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/382","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064411","reference_id":"2064411","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064411"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891","reference_id":"CVE-2022-0891","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json","reference_id":"CVE-2022-0891.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43352?format=json","purl":"pkg:conan/libtiff@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.4.0"}],"aliases":["CVE-2022-0891"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79632?format=json","vulnerability_id":"VCID-tgf9-ax81-fub4","summary":"libtiff: heap Buffer overflows in tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3570","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00632","published_at":"2026-05-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00649","published_at":"2026-05-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00636","published_at":"2026-05-14T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0062","published_at":"2026-04-02T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00612","published_at":"2026-04-04T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00614","published_at":"2026-04-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00613","published_at":"2026-04-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00607","published_at":"2026-04-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00605","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00602","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00603","published_at":"2026-04-18T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00597","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00645","published_at":"2026-05-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00643","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00646","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00647","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00652","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/381","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/381"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/386","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/386"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555","reference_id":"1022555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142734","reference_id":"2142734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142734"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3570","reference_id":"CVE-2022-3570","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3570"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json","reference_id":"CVE-2022-3570.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://usn.ubuntu.com/5705-1/","reference_id":"USN-5705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5705-1/"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[],"aliases":["CVE-2022-3570"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgf9-ax81-fub4"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@3.9.0"}