{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","type":"deb","namespace":"debian","name":"sdl-image1.2","version":"1.2.12-10+deb10u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.12-12","latest_non_vulnerable_version":"1.2.12-12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77167?format=json","vulnerability_id":"VCID-5duv-sj5g-t7cp","summary":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7635.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7635","reference_id":"","reference_type":"","scores":[{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.84564","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.84589","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.84594","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.8459","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.84577","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.84591","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677158","reference_id":"1677158","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677158"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609","reference_id":"924609","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924610","reference_id":"924610","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://security.gentoo.org/glsa/201909-07","reference_id":"GLSA-201909-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-07"},{"reference_url":"https://security.gentoo.org/glsa/202305-17","reference_id":"GLSA-202305-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3868","reference_id":"RHSA-2020:3868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4627","reference_id":"RHSA-2020:4627","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4627"},{"reference_url":"https://usn.ubuntu.com/4143-1/","reference_id":"USN-4143-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4143-1/"},{"reference_url":"https://usn.ubuntu.com/4156-1/","reference_id":"USN-4156-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-1/"},{"reference_url":"https://usn.ubuntu.com/4156-2/","reference_id":"USN-4156-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-2/"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-7635"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5duv-sj5g-t7cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77243?format=json","vulnerability_id":"VCID-9wk9-37n4-v3f1","summary":"An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5060","reference_id":"","reference_type":"","scores":[{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.8021","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.80233","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.80237","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.80225","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.80245","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5060"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5060","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5060"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-5060","TALOS-2019-0844"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wk9-37n4-v3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77242?format=json","vulnerability_id":"VCID-egbq-zhbh-eqam","summary":"An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5059","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.7697","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76979","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76967","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76956","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5059","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5059"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-5059","TALOS-2019-0843"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egbq-zhbh-eqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77232?format=json","vulnerability_id":"VCID-en5a-ntnf-pqdx","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12218.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12218.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12218","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73205","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73242","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73248","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.7323","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73217","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73241","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732256","reference_id":"1732256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732256"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-12218"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-en5a-ntnf-pqdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77234?format=json","vulnerability_id":"VCID-j4me-edg9-kbbe","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12220.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12220","reference_id":"","reference_type":"","scores":[{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73179","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73185","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73167","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73154","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73178","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732260","reference_id":"1732260","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732260"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-12220"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4me-edg9-kbbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77236?format=json","vulnerability_id":"VCID-mewp-tcyz-9qeb","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12222.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12222","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72474","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72516","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72523","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72503","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7249","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72514","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12222"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732262","reference_id":"1732262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732262"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-12222"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mewp-tcyz-9qeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77230?format=json","vulnerability_id":"VCID-mstj-meg8-jbb3","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12216.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12216","reference_id":"","reference_type":"","scores":[{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77055","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77087","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77096","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77084","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77074","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12216"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732252","reference_id":"1732252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732252"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-12216"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mstj-meg8-jbb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77241?format=json","vulnerability_id":"VCID-ngqz-edm8-fudt","summary":"An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5058","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.7697","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76979","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76967","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76956","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-5058","TALOS-2019-0842"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngqz-edm8-fudt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77240?format=json","vulnerability_id":"VCID-q8x8-81k3-mqhu","summary":"An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5057","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.7697","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76979","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76967","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76956","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5057"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-5057","TALOS-2019-0841"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8x8-81k3-mqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77238?format=json","vulnerability_id":"VCID-qry5-dryv-dqa2","summary":"An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5051","reference_id":"","reference_type":"","scores":[{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80615","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80642","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80644","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.8064","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80636","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80656","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5051"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-5051","TALOS-2019-0820"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qry5-dryv-dqa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77158?format=json","vulnerability_id":"VCID-qwpa-ttx4-1bcs","summary":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13616.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13616","reference_id":"","reference_type":"","scores":[{"value":"0.07188","scoring_system":"epss","scoring_elements":"0.91758","published_at":"2026-06-09T12:55:00Z"},{"value":"0.07188","scoring_system":"epss","scoring_elements":"0.91746","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07188","scoring_system":"epss","scoring_elements":"0.91744","published_at":"2026-06-08T12:55:00Z"},{"value":"0.08938","scoring_system":"epss","scoring_elements":"0.92747","published_at":"2026-06-06T12:55:00Z"},{"value":"0.08938","scoring_system":"epss","scoring_elements":"0.92739","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08938","scoring_system":"epss","scoring_elements":"0.92751","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747237","reference_id":"1747237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940934","reference_id":"940934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940934"},{"reference_url":"https://security.gentoo.org/glsa/202305-17","reference_id":"GLSA-202305-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3950","reference_id":"RHSA-2019:3950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3951","reference_id":"RHSA-2019:3951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0293","reference_id":"RHSA-2020:0293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0293"},{"reference_url":"https://usn.ubuntu.com/4156-1/","reference_id":"USN-4156-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-1/"},{"reference_url":"https://usn.ubuntu.com/4156-2/","reference_id":"USN-4156-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-2/"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-13616"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwpa-ttx4-1bcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77239?format=json","vulnerability_id":"VCID-umht-67y8-n7ex","summary":"An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5052","reference_id":"","reference_type":"","scores":[{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81561","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81563","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81562","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81556","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81571","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-5052","TALOS-2019-0821"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umht-67y8-n7ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77233?format=json","vulnerability_id":"VCID-wk1y-nwk1-8ueb","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12219.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12219","reference_id":"","reference_type":"","scores":[{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73871","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73913","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.739","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73882","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73909","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12219"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732258","reference_id":"1732258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732258"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-12219"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wk1y-nwk1-8ueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77235?format=json","vulnerability_id":"VCID-yek7-ncmm-3kby","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12221.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12221","reference_id":"","reference_type":"","scores":[{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.80646","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.80672","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.80673","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.8067","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.80666","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.80686","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12221"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732250","reference_id":"1732250","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-12221"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yek7-ncmm-3kby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77231?format=json","vulnerability_id":"VCID-ys8p-ew9m-47d1","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12217.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12217","reference_id":"","reference_type":"","scores":[{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75621","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.7565","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75653","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75642","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.7563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75655","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732254","reference_id":"1732254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732254"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516698?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-12"}],"aliases":["CVE-2019-12217"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys8p-ew9m-47d1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77214?format=json","vulnerability_id":"VCID-2w2z-4uv2-yqek","summary":"An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12122","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81737","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81771","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81765","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81779","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2017-12122","TALOS-2017-0488"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w2z-4uv2-yqek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77218?format=json","vulnerability_id":"VCID-4d1b-gcy7-2ba2","summary":"An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14440","reference_id":"","reference_type":"","scores":[{"value":"0.01953","scoring_system":"epss","scoring_elements":"0.838","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01953","scoring_system":"epss","scoring_elements":"0.83824","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01953","scoring_system":"epss","scoring_elements":"0.83826","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01953","scoring_system":"epss","scoring_elements":"0.83821","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01953","scoring_system":"epss","scoring_elements":"0.83813","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2017-14440","TALOS-2017-0489"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4d1b-gcy7-2ba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77226?format=json","vulnerability_id":"VCID-4k9u-nrx8-8ucc","summary":"An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3837","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57981","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58032","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58041","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58016","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2018-3837","TALOS-2018-0519"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4k9u-nrx8-8ucc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77221?format=json","vulnerability_id":"VCID-5baf-ew4j-a7ct","summary":"An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14442","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81737","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81771","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81765","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81779","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2017-14442","TALOS-2017-0491"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5baf-ew4j-a7ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77228?format=json","vulnerability_id":"VCID-7ccg-fsfv-nkdp","summary":"An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3839","reference_id":"","reference_type":"","scores":[{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.78978","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.78975","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.78972","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.78945","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.78969","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.78958","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2018-3839","TALOS-2018-0521"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ccg-fsfv-nkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77227?format=json","vulnerability_id":"VCID-7d6j-u189-zyev","summary":"An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3838","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62576","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62566","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62568","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62523","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62567","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62552","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2018-3838","TALOS-2018-0520"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7d6j-u189-zyev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77229?format=json","vulnerability_id":"VCID-dqve-nkck-fkcz","summary":"An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3977","reference_id":"","reference_type":"","scores":[{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75863","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75868","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75864","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75837","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75856","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75843","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3977"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912617","reference_id":"912617","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912617"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912618","reference_id":"912618","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912618"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2018-3977"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqve-nkck-fkcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77224?format=json","vulnerability_id":"VCID-u96f-acm8-zfgg","summary":"A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14450","reference_id":"","reference_type":"","scores":[{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76671","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.767","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76707","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76696","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76685","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2017-14450","TALOS-2017-0499"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u96f-acm8-zfgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77225?format=json","vulnerability_id":"VCID-uu34-2cfw-tqgw","summary":"An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2887","reference_id":"","reference_type":"","scores":[{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82416","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82402","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82384","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82412","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82411","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82409","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878266","reference_id":"878266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878267","reference_id":"878267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878267"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2017-2887","TALOS-2017-0394"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uu34-2cfw-tqgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77220?format=json","vulnerability_id":"VCID-xfsm-k9je-mye1","summary":"An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14441","reference_id":"","reference_type":"","scores":[{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.80242","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.80251","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.80238","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.80215","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.80237","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.8023","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2017-14441","TALOS-2017-0490"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfsm-k9je-mye1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77222?format=json","vulnerability_id":"VCID-yp3k-d53z-5kdc","summary":"An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14448","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81737","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81771","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81765","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81779","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272898?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515596?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-5%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w2z-4uv2-yqek"},{"vulnerability":"VCID-4d1b-gcy7-2ba2"},{"vulnerability":"VCID-4k9u-nrx8-8ucc"},{"vulnerability":"VCID-5baf-ew4j-a7ct"},{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-7ccg-fsfv-nkdp"},{"vulnerability":"VCID-7d6j-u189-zyev"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-dqve-nkck-fkcz"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-u96f-acm8-zfgg"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-uu34-2cfw-tqgw"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-xfsm-k9je-mye1"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-yp3k-d53z-5kdc"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-5%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516697?format=json","purl":"pkg:deb/debian/sdl-image1.2@1.2.12-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5duv-sj5g-t7cp"},{"vulnerability":"VCID-9wk9-37n4-v3f1"},{"vulnerability":"VCID-egbq-zhbh-eqam"},{"vulnerability":"VCID-en5a-ntnf-pqdx"},{"vulnerability":"VCID-j4me-edg9-kbbe"},{"vulnerability":"VCID-mewp-tcyz-9qeb"},{"vulnerability":"VCID-mstj-meg8-jbb3"},{"vulnerability":"VCID-ngqz-edm8-fudt"},{"vulnerability":"VCID-q8x8-81k3-mqhu"},{"vulnerability":"VCID-qry5-dryv-dqa2"},{"vulnerability":"VCID-qwpa-ttx4-1bcs"},{"vulnerability":"VCID-umht-67y8-n7ex"},{"vulnerability":"VCID-wk1y-nwk1-8ueb"},{"vulnerability":"VCID-yek7-ncmm-3kby"},{"vulnerability":"VCID-ys8p-ew9m-47d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}],"aliases":["CVE-2017-14448","TALOS-2017-0497"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp3k-d53z-5kdc"}],"risk_score":"3.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sdl-image1.2@1.2.12-10%252Bdeb10u1"}