Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/exempi@2.5.0-2
Typedeb
Namespacedebian
Nameexempi
Version2.5.0-2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.6.3-1
Latest_non_vulnerable_version2.6.3-1
Affected_by_vulnerabilities
0
url VCID-3dac-uwth-j3fj
vulnerability_id VCID-3dac-uwth-j3fj
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36056
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.56556
published_at 2026-06-04T12:55:00Z
1
value 0.00335
scoring_system epss
scoring_elements 0.5661
published_at 2026-06-05T12:55:00Z
2
value 0.00335
scoring_system epss
scoring_elements 0.56616
published_at 2026-06-06T12:55:00Z
3
value 0.00335
scoring_system epss
scoring_elements 0.56604
published_at 2026-06-07T12:55:00Z
4
value 0.00335
scoring_system epss
scoring_elements 0.56589
published_at 2026-06-08T12:55:00Z
5
value 0.00335
scoring_system epss
scoring_elements 0.56608
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36056
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36056
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36056
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36056
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dac-uwth-j3fj
1
url VCID-7jjj-qrgx-93cc
vulnerability_id VCID-7jjj-qrgx-93cc
summary XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42532
reference_id
reference_type
scores
0
value 0.00507
scoring_system epss
scoring_elements 0.66618
published_at 2026-06-04T12:55:00Z
1
value 0.00507
scoring_system epss
scoring_elements 0.66658
published_at 2026-06-05T12:55:00Z
2
value 0.00507
scoring_system epss
scoring_elements 0.66666
published_at 2026-06-06T12:55:00Z
3
value 0.00507
scoring_system epss
scoring_elements 0.66651
published_at 2026-06-07T12:55:00Z
4
value 0.00507
scoring_system epss
scoring_elements 0.66636
published_at 2026-06-08T12:55:00Z
5
value 0.00507
scoring_system epss
scoring_elements 0.66653
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42532
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42532
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42532
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-42532
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jjj-qrgx-93cc
2
url VCID-abnu-u4m6-tfej
vulnerability_id VCID-abnu-u4m6-tfej
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36054
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.32497
published_at 2026-06-04T12:55:00Z
1
value 0.00134
scoring_system epss
scoring_elements 0.32569
published_at 2026-06-05T12:55:00Z
2
value 0.00134
scoring_system epss
scoring_elements 0.32537
published_at 2026-06-06T12:55:00Z
3
value 0.00134
scoring_system epss
scoring_elements 0.32498
published_at 2026-06-07T12:55:00Z
4
value 0.00134
scoring_system epss
scoring_elements 0.32467
published_at 2026-06-08T12:55:00Z
5
value 0.00134
scoring_system epss
scoring_elements 0.32488
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36054
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36054
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36054
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36054
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abnu-u4m6-tfej
3
url VCID-aje4-zaur-5yha
vulnerability_id VCID-aje4-zaur-5yha
summary Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18651.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18651.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-18651
reference_id
reference_type
scores
0
value 0.02228
scoring_system epss
scoring_elements 0.8483
published_at 2026-06-04T12:55:00Z
1
value 0.02228
scoring_system epss
scoring_elements 0.84855
published_at 2026-06-09T12:55:00Z
2
value 0.02228
scoring_system epss
scoring_elements 0.84853
published_at 2026-06-05T12:55:00Z
3
value 0.02228
scoring_system epss
scoring_elements 0.84857
published_at 2026-06-06T12:55:00Z
4
value 0.02228
scoring_system epss
scoring_elements 0.84851
published_at 2026-06-07T12:55:00Z
5
value 0.02228
scoring_system epss
scoring_elements 0.8484
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-18651
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18651
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
reference_id 13
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:44:59Z/
url https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235669
reference_id 2235669
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235669
6
reference_url https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f
reference_id fdd4765a699f9700850098b43b9798b933acb32f
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:44:59Z/
url https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f
7
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html
reference_id msg00032.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:44:59Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html
8
reference_url https://access.redhat.com/errata/RHSA-2024:3066
reference_id RHSA-2024:3066
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3066
fixed_packages
0
url pkg:deb/debian/exempi@2.5.2-1
purl pkg:deb/debian/exempi@2.5.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-avc9-whgm-a7gh
4
vulnerability VCID-b34x-pw39-e3ay
5
vulnerability VCID-fy35-f3fu-43fx
6
vulnerability VCID-fzqh-hr2u-cfck
7
vulnerability VCID-gybp-qse3-tkhs
8
vulnerability VCID-h2nu-f1se-u7ca
9
vulnerability VCID-j1df-3zu4-1yh2
10
vulnerability VCID-kz1w-aez6-t7g3
11
vulnerability VCID-mts6-1bp8-qyb7
12
vulnerability VCID-pue4-wnwn-mfbq
13
vulnerability VCID-rc1y-vc9m-3yef
14
vulnerability VCID-tayn-zr7z-zkhg
15
vulnerability VCID-u55y-8t2h-b3cw
16
vulnerability VCID-v3eh-7ps6-c3g5
17
vulnerability VCID-vq1k-hgj6-kkf1
18
vulnerability VCID-x5u3-phh1-jqfz
19
vulnerability VCID-xbwa-dmsy-cqfd
20
vulnerability VCID-xgv5-32bx-eugh
21
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.2-1
aliases CVE-2020-18651
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aje4-zaur-5yha
4
url VCID-avc9-whgm-a7gh
vulnerability_id VCID-avc9-whgm-a7gh
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36057
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13873
published_at 2026-06-04T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13949
published_at 2026-06-05T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13952
published_at 2026-06-06T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13916
published_at 2026-06-07T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13831
published_at 2026-06-08T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13861
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36057
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36057
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36057
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36057
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avc9-whgm-a7gh
5
url VCID-b34x-pw39-e3ay
vulnerability_id VCID-b34x-pw39-e3ay
summary XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42528
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30436
published_at 2026-06-04T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30509
published_at 2026-06-05T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30476
published_at 2026-06-06T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.30446
published_at 2026-06-07T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30413
published_at 2026-06-08T12:55:00Z
5
value 0.00119
scoring_system epss
scoring_elements 0.30429
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42528
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42528
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-42528
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b34x-pw39-e3ay
6
url VCID-fy35-f3fu-43fx
vulnerability_id VCID-fy35-f3fu-43fx
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36047
reference_id
reference_type
scores
0
value 0.00545
scoring_system epss
scoring_elements 0.68139
published_at 2026-06-04T12:55:00Z
1
value 0.00545
scoring_system epss
scoring_elements 0.68178
published_at 2026-06-05T12:55:00Z
2
value 0.00545
scoring_system epss
scoring_elements 0.68187
published_at 2026-06-06T12:55:00Z
3
value 0.00545
scoring_system epss
scoring_elements 0.68179
published_at 2026-06-07T12:55:00Z
4
value 0.00545
scoring_system epss
scoring_elements 0.68164
published_at 2026-06-08T12:55:00Z
5
value 0.00545
scoring_system epss
scoring_elements 0.6818
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36047
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36047
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36047
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fy35-f3fu-43fx
7
url VCID-fzqh-hr2u-cfck
vulnerability_id VCID-fzqh-hr2u-cfck
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36051
reference_id
reference_type
scores
0
value 0.02416
scoring_system epss
scoring_elements 0.85392
published_at 2026-06-04T12:55:00Z
1
value 0.02416
scoring_system epss
scoring_elements 0.85416
published_at 2026-06-05T12:55:00Z
2
value 0.02416
scoring_system epss
scoring_elements 0.85421
published_at 2026-06-06T12:55:00Z
3
value 0.02416
scoring_system epss
scoring_elements 0.85415
published_at 2026-06-07T12:55:00Z
4
value 0.02416
scoring_system epss
scoring_elements 0.85401
published_at 2026-06-08T12:55:00Z
5
value 0.02416
scoring_system epss
scoring_elements 0.85414
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36051
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36051
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36051
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36051
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fzqh-hr2u-cfck
8
url VCID-gybp-qse3-tkhs
vulnerability_id VCID-gybp-qse3-tkhs
summary XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36055
reference_id
reference_type
scores
0
value 0.00654
scoring_system epss
scoring_elements 0.71315
published_at 2026-06-04T12:55:00Z
1
value 0.00654
scoring_system epss
scoring_elements 0.7136
published_at 2026-06-05T12:55:00Z
2
value 0.00654
scoring_system epss
scoring_elements 0.71367
published_at 2026-06-06T12:55:00Z
3
value 0.00654
scoring_system epss
scoring_elements 0.71345
published_at 2026-06-07T12:55:00Z
4
value 0.00654
scoring_system epss
scoring_elements 0.7133
published_at 2026-06-08T12:55:00Z
5
value 0.00654
scoring_system epss
scoring_elements 0.71354
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36055
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36055
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36055
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36055
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gybp-qse3-tkhs
9
url VCID-h2nu-f1se-u7ca
vulnerability_id VCID-h2nu-f1se-u7ca
summary XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42531
reference_id
reference_type
scores
0
value 0.0099
scoring_system epss
scoring_elements 0.77222
published_at 2026-06-04T12:55:00Z
1
value 0.0099
scoring_system epss
scoring_elements 0.77253
published_at 2026-06-05T12:55:00Z
2
value 0.0099
scoring_system epss
scoring_elements 0.77263
published_at 2026-06-06T12:55:00Z
3
value 0.0099
scoring_system epss
scoring_elements 0.77252
published_at 2026-06-07T12:55:00Z
4
value 0.0099
scoring_system epss
scoring_elements 0.77243
published_at 2026-06-08T12:55:00Z
5
value 0.0099
scoring_system epss
scoring_elements 0.77264
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42531
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42531
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42531
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-42531
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2nu-f1se-u7ca
10
url VCID-j1df-3zu4-1yh2
vulnerability_id VCID-j1df-3zu4-1yh2
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36050
reference_id
reference_type
scores
0
value 0.00785
scoring_system epss
scoring_elements 0.74125
published_at 2026-06-04T12:55:00Z
1
value 0.00785
scoring_system epss
scoring_elements 0.74158
published_at 2026-06-05T12:55:00Z
2
value 0.00785
scoring_system epss
scoring_elements 0.74163
published_at 2026-06-06T12:55:00Z
3
value 0.00785
scoring_system epss
scoring_elements 0.74149
published_at 2026-06-07T12:55:00Z
4
value 0.00785
scoring_system epss
scoring_elements 0.74131
published_at 2026-06-08T12:55:00Z
5
value 0.00785
scoring_system epss
scoring_elements 0.74157
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36050
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36050
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36050
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1df-3zu4-1yh2
11
url VCID-kz1w-aez6-t7g3
vulnerability_id VCID-kz1w-aez6-t7g3
summary XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42529
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63348
published_at 2026-06-04T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.63392
published_at 2026-06-05T12:55:00Z
2
value 0.00436
scoring_system epss
scoring_elements 0.634
published_at 2026-06-06T12:55:00Z
3
value 0.00436
scoring_system epss
scoring_elements 0.63389
published_at 2026-06-07T12:55:00Z
4
value 0.00436
scoring_system epss
scoring_elements 0.63377
published_at 2026-06-08T12:55:00Z
5
value 0.00436
scoring_system epss
scoring_elements 0.63394
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42529
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42529
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42529
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-42529
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kz1w-aez6-t7g3
12
url VCID-mts6-1bp8-qyb7
vulnerability_id VCID-mts6-1bp8-qyb7
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36048
reference_id
reference_type
scores
0
value 0.00545
scoring_system epss
scoring_elements 0.68139
published_at 2026-06-04T12:55:00Z
1
value 0.00545
scoring_system epss
scoring_elements 0.68178
published_at 2026-06-05T12:55:00Z
2
value 0.00545
scoring_system epss
scoring_elements 0.68187
published_at 2026-06-06T12:55:00Z
3
value 0.00545
scoring_system epss
scoring_elements 0.68179
published_at 2026-06-07T12:55:00Z
4
value 0.00545
scoring_system epss
scoring_elements 0.68164
published_at 2026-06-08T12:55:00Z
5
value 0.00545
scoring_system epss
scoring_elements 0.6818
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36048
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36048
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36048
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mts6-1bp8-qyb7
13
url VCID-pue4-wnwn-mfbq
vulnerability_id VCID-pue4-wnwn-mfbq
summary XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40732
reference_id
reference_type
scores
0
value 0.0015
scoring_system epss
scoring_elements 0.35196
published_at 2026-06-04T12:55:00Z
1
value 0.0015
scoring_system epss
scoring_elements 0.35303
published_at 2026-06-05T12:55:00Z
2
value 0.0015
scoring_system epss
scoring_elements 0.35313
published_at 2026-06-06T12:55:00Z
3
value 0.0015
scoring_system epss
scoring_elements 0.35277
published_at 2026-06-07T12:55:00Z
4
value 0.0015
scoring_system epss
scoring_elements 0.35237
published_at 2026-06-08T12:55:00Z
5
value 0.0015
scoring_system epss
scoring_elements 0.35257
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40732
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40732
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40732
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-40732
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pue4-wnwn-mfbq
14
url VCID-rc1y-vc9m-3yef
vulnerability_id VCID-rc1y-vc9m-3yef
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36058
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54209
published_at 2026-06-04T12:55:00Z
1
value 0.00307
scoring_system epss
scoring_elements 0.54265
published_at 2026-06-05T12:55:00Z
2
value 0.00307
scoring_system epss
scoring_elements 0.54274
published_at 2026-06-06T12:55:00Z
3
value 0.00307
scoring_system epss
scoring_elements 0.54263
published_at 2026-06-07T12:55:00Z
4
value 0.00307
scoring_system epss
scoring_elements 0.5424
published_at 2026-06-08T12:55:00Z
5
value 0.00307
scoring_system epss
scoring_elements 0.54262
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36058
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36058
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36058
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36058
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc1y-vc9m-3yef
15
url VCID-tayn-zr7z-zkhg
vulnerability_id VCID-tayn-zr7z-zkhg
summary XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36045
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53217
published_at 2026-06-04T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.53278
published_at 2026-06-05T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.53286
published_at 2026-06-06T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.5327
published_at 2026-06-07T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.53244
published_at 2026-06-08T12:55:00Z
5
value 0.00296
scoring_system epss
scoring_elements 0.53267
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36045
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36045
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36045
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36045
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tayn-zr7z-zkhg
16
url VCID-u55y-8t2h-b3cw
vulnerability_id VCID-u55y-8t2h-b3cw
summary XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40716
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48804
published_at 2026-06-04T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48864
published_at 2026-06-05T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48872
published_at 2026-06-06T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48854
published_at 2026-06-07T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48824
published_at 2026-06-08T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48838
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40716
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40716
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40716
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-40716
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u55y-8t2h-b3cw
17
url VCID-v3eh-7ps6-c3g5
vulnerability_id VCID-v3eh-7ps6-c3g5
summary XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36064
reference_id
reference_type
scores
0
value 0.00716
scoring_system epss
scoring_elements 0.72753
published_at 2026-06-04T12:55:00Z
1
value 0.00716
scoring_system epss
scoring_elements 0.72792
published_at 2026-06-05T12:55:00Z
2
value 0.00716
scoring_system epss
scoring_elements 0.72799
published_at 2026-06-06T12:55:00Z
3
value 0.00716
scoring_system epss
scoring_elements 0.72782
published_at 2026-06-07T12:55:00Z
4
value 0.00716
scoring_system epss
scoring_elements 0.72769
published_at 2026-06-08T12:55:00Z
5
value 0.00716
scoring_system epss
scoring_elements 0.72794
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36064
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36064
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36064
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3eh-7ps6-c3g5
18
url VCID-vq1k-hgj6-kkf1
vulnerability_id VCID-vq1k-hgj6-kkf1
summary XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36052
reference_id
reference_type
scores
0
value 0.02926
scoring_system epss
scoring_elements 0.86672
published_at 2026-06-04T12:55:00Z
1
value 0.02926
scoring_system epss
scoring_elements 0.86694
published_at 2026-06-05T12:55:00Z
2
value 0.02926
scoring_system epss
scoring_elements 0.86693
published_at 2026-06-06T12:55:00Z
3
value 0.02926
scoring_system epss
scoring_elements 0.86689
published_at 2026-06-07T12:55:00Z
4
value 0.02926
scoring_system epss
scoring_elements 0.86679
published_at 2026-06-08T12:55:00Z
5
value 0.02926
scoring_system epss
scoring_elements 0.86691
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36052
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36052
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36052
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36052
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq1k-hgj6-kkf1
19
url VCID-w16t-abeq-p3aw
vulnerability_id VCID-w16t-abeq-p3aw
summary Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18652.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18652.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-18652
reference_id
reference_type
scores
0
value 0.02158
scoring_system epss
scoring_elements 0.84588
published_at 2026-06-04T12:55:00Z
1
value 0.02158
scoring_system epss
scoring_elements 0.84614
published_at 2026-06-09T12:55:00Z
2
value 0.02158
scoring_system epss
scoring_elements 0.84612
published_at 2026-06-07T12:55:00Z
3
value 0.02158
scoring_system epss
scoring_elements 0.84616
published_at 2026-06-06T12:55:00Z
4
value 0.02158
scoring_system epss
scoring_elements 0.846
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-18652
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18652
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
reference_id 12
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:39:08Z/
url https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235673
reference_id 2235673
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235673
6
reference_url https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7
reference_id acee2894ceb91616543927c2a6e45050c60f98f7
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:39:08Z/
url https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7
7
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html
reference_id msg00032.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:39:08Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html
8
reference_url https://access.redhat.com/errata/RHSA-2024:3066
reference_id RHSA-2024:3066
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3066
fixed_packages
0
url pkg:deb/debian/exempi@2.5.2-1
purl pkg:deb/debian/exempi@2.5.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-avc9-whgm-a7gh
4
vulnerability VCID-b34x-pw39-e3ay
5
vulnerability VCID-fy35-f3fu-43fx
6
vulnerability VCID-fzqh-hr2u-cfck
7
vulnerability VCID-gybp-qse3-tkhs
8
vulnerability VCID-h2nu-f1se-u7ca
9
vulnerability VCID-j1df-3zu4-1yh2
10
vulnerability VCID-kz1w-aez6-t7g3
11
vulnerability VCID-mts6-1bp8-qyb7
12
vulnerability VCID-pue4-wnwn-mfbq
13
vulnerability VCID-rc1y-vc9m-3yef
14
vulnerability VCID-tayn-zr7z-zkhg
15
vulnerability VCID-u55y-8t2h-b3cw
16
vulnerability VCID-v3eh-7ps6-c3g5
17
vulnerability VCID-vq1k-hgj6-kkf1
18
vulnerability VCID-x5u3-phh1-jqfz
19
vulnerability VCID-xbwa-dmsy-cqfd
20
vulnerability VCID-xgv5-32bx-eugh
21
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.2-1
aliases CVE-2020-18652
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w16t-abeq-p3aw
20
url VCID-x5u3-phh1-jqfz
vulnerability_id VCID-x5u3-phh1-jqfz
summary XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36046
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57862
published_at 2026-06-04T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57914
published_at 2026-06-05T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.57922
published_at 2026-06-06T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57911
published_at 2026-06-07T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57898
published_at 2026-06-08T12:55:00Z
5
value 0.00352
scoring_system epss
scoring_elements 0.57915
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36046
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36046
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36046
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36046
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5u3-phh1-jqfz
21
url VCID-xbwa-dmsy-cqfd
vulnerability_id VCID-xbwa-dmsy-cqfd
summary XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36053
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53217
published_at 2026-06-04T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.53278
published_at 2026-06-05T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.53286
published_at 2026-06-06T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.5327
published_at 2026-06-07T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.53244
published_at 2026-06-08T12:55:00Z
5
value 0.00296
scoring_system epss
scoring_elements 0.53267
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36053
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36053
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36053
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-36053
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbwa-dmsy-cqfd
22
url VCID-xgv5-32bx-eugh
vulnerability_id VCID-xgv5-32bx-eugh
summary XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39847
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54801
published_at 2026-06-04T12:55:00Z
1
value 0.00314
scoring_system epss
scoring_elements 0.54859
published_at 2026-06-05T12:55:00Z
2
value 0.00314
scoring_system epss
scoring_elements 0.54869
published_at 2026-06-06T12:55:00Z
3
value 0.00314
scoring_system epss
scoring_elements 0.54862
published_at 2026-06-07T12:55:00Z
4
value 0.00314
scoring_system epss
scoring_elements 0.54843
published_at 2026-06-08T12:55:00Z
5
value 0.00314
scoring_system epss
scoring_elements 0.54863
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39847
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-39847
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv5-32bx-eugh
23
url VCID-yby3-4ngt-dfhs
vulnerability_id VCID-yby3-4ngt-dfhs
summary XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42530
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63348
published_at 2026-06-04T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.63392
published_at 2026-06-05T12:55:00Z
2
value 0.00436
scoring_system epss
scoring_elements 0.634
published_at 2026-06-06T12:55:00Z
3
value 0.00436
scoring_system epss
scoring_elements 0.63389
published_at 2026-06-07T12:55:00Z
4
value 0.00436
scoring_system epss
scoring_elements 0.63377
published_at 2026-06-08T12:55:00Z
5
value 0.00436
scoring_system epss
scoring_elements 0.63394
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42530
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42530
2
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.6.3-1
purl pkg:deb/debian/exempi@2.6.3-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1
aliases CVE-2021-42530
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yby3-4ngt-dfhs
Fixing_vulnerabilities
0
url VCID-3b75-arvj-3ydx
vulnerability_id VCID-3b75-arvj-3ydx
summary An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7730.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7730.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7730
reference_id
reference_type
scores
0
value 0.00109
scoring_system epss
scoring_elements 0.28845
published_at 2026-06-04T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.28916
published_at 2026-06-05T12:55:00Z
2
value 0.00109
scoring_system epss
scoring_elements 0.2888
published_at 2026-06-06T12:55:00Z
3
value 0.00109
scoring_system epss
scoring_elements 0.28844
published_at 2026-06-07T12:55:00Z
4
value 0.00109
scoring_system epss
scoring_elements 0.28809
published_at 2026-06-08T12:55:00Z
5
value 0.00109
scoring_system epss
scoring_elements 0.28819
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7730
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7730
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7730
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1555163
reference_id 1555163
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1555163
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
reference_id 892782
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
6
reference_url https://access.redhat.com/errata/RHSA-2019:2048
reference_id RHSA-2019:2048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2048
7
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2018-7730
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3b75-arvj-3ydx
1
url VCID-52ng-zpru-sqhf
vulnerability_id VCID-52ng-zpru-sqhf
summary An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18233.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18233.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18233
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.68257
published_at 2026-06-04T12:55:00Z
1
value 0.00548
scoring_system epss
scoring_elements 0.68298
published_at 2026-06-07T12:55:00Z
2
value 0.00548
scoring_system epss
scoring_elements 0.68299
published_at 2026-06-09T12:55:00Z
3
value 0.00548
scoring_system epss
scoring_elements 0.68306
published_at 2026-06-06T12:55:00Z
4
value 0.00548
scoring_system epss
scoring_elements 0.68283
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18233
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18233
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1559575
reference_id 1559575
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1559575
5
reference_url https://access.redhat.com/errata/RHSA-2019:2048
reference_id RHSA-2019:2048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2048
6
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2017-18233
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52ng-zpru-sqhf
2
url VCID-6muj-t5qx-hubn
vulnerability_id VCID-6muj-t5qx-hubn
summary The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12648.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12648.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12648
reference_id
reference_type
scores
0
value 0.00459
scoring_system epss
scoring_elements 0.64352
published_at 2026-06-04T12:55:00Z
1
value 0.00459
scoring_system epss
scoring_elements 0.64395
published_at 2026-06-05T12:55:00Z
2
value 0.00459
scoring_system epss
scoring_elements 0.64404
published_at 2026-06-06T12:55:00Z
3
value 0.00459
scoring_system epss
scoring_elements 0.64393
published_at 2026-06-07T12:55:00Z
4
value 0.00459
scoring_system epss
scoring_elements 0.64383
published_at 2026-06-08T12:55:00Z
5
value 0.00459
scoring_system epss
scoring_elements 0.64403
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12648
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12648
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12648
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594642
reference_id 1594642
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594642
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902175
reference_id 902175
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902175
6
reference_url https://usn.ubuntu.com/5483-1/
reference_id USN-5483-1
reference_type
scores
url https://usn.ubuntu.com/5483-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2018-12648
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6muj-t5qx-hubn
3
url VCID-8mjr-5nzs-uydp
vulnerability_id VCID-8mjr-5nzs-uydp
summary An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18235.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18235.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18235
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61632
published_at 2026-06-04T12:55:00Z
1
value 0.0041
scoring_system epss
scoring_elements 0.61681
published_at 2026-06-05T12:55:00Z
2
value 0.0041
scoring_system epss
scoring_elements 0.61688
published_at 2026-06-06T12:55:00Z
3
value 0.0041
scoring_system epss
scoring_elements 0.61676
published_at 2026-06-07T12:55:00Z
4
value 0.0041
scoring_system epss
scoring_elements 0.6166
published_at 2026-06-08T12:55:00Z
5
value 0.0041
scoring_system epss
scoring_elements 0.61678
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18235
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18235
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1559595
reference_id 1559595
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1559595
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2017-18235
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mjr-5nzs-uydp
4
url VCID-b25g-gvb8-8qht
vulnerability_id VCID-b25g-gvb8-8qht
summary An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7731.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7731.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7731
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58885
published_at 2026-06-04T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58932
published_at 2026-06-05T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58938
published_at 2026-06-06T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.5893
published_at 2026-06-07T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58914
published_at 2026-06-08T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58929
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7731
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7731
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7731
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1555164
reference_id 1555164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1555164
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
reference_id 892782
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
6
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2018-7731
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b25g-gvb8-8qht
5
url VCID-bmnh-53h3-8feh
vulnerability_id VCID-bmnh-53h3-8feh
summary An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18237.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18237.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18237
reference_id
reference_type
scores
0
value 0.00402
scoring_system epss
scoring_elements 0.61152
published_at 2026-06-04T12:55:00Z
1
value 0.00402
scoring_system epss
scoring_elements 0.61201
published_at 2026-06-05T12:55:00Z
2
value 0.00402
scoring_system epss
scoring_elements 0.61208
published_at 2026-06-06T12:55:00Z
3
value 0.00402
scoring_system epss
scoring_elements 0.61195
published_at 2026-06-07T12:55:00Z
4
value 0.00402
scoring_system epss
scoring_elements 0.61177
published_at 2026-06-08T12:55:00Z
5
value 0.00402
scoring_system epss
scoring_elements 0.61198
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18237
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18237
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18237
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1559599
reference_id 1559599
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1559599
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2017-18237
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmnh-53h3-8feh
6
url VCID-kj1c-b5ak-u7eu
vulnerability_id VCID-kj1c-b5ak-u7eu
summary An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18238.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18238.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18238
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.67127
published_at 2026-06-04T12:55:00Z
1
value 0.00519
scoring_system epss
scoring_elements 0.67168
published_at 2026-06-05T12:55:00Z
2
value 0.00519
scoring_system epss
scoring_elements 0.67175
published_at 2026-06-06T12:55:00Z
3
value 0.00519
scoring_system epss
scoring_elements 0.6716
published_at 2026-06-07T12:55:00Z
4
value 0.00519
scoring_system epss
scoring_elements 0.67143
published_at 2026-06-08T12:55:00Z
5
value 0.00519
scoring_system epss
scoring_elements 0.67159
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18238
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18238
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18238
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1558715
reference_id 1558715
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1558715
5
reference_url https://access.redhat.com/errata/RHSA-2019:2048
reference_id RHSA-2019:2048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2048
6
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2017-18238
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kj1c-b5ak-u7eu
7
url VCID-patf-5u5f-33hc
vulnerability_id VCID-patf-5u5f-33hc
summary An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7729.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7729.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7729
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57267
published_at 2026-06-04T12:55:00Z
1
value 0.00344
scoring_system epss
scoring_elements 0.57319
published_at 2026-06-09T12:55:00Z
2
value 0.00344
scoring_system epss
scoring_elements 0.57302
published_at 2026-06-08T12:55:00Z
3
value 0.00344
scoring_system epss
scoring_elements 0.57327
published_at 2026-06-06T12:55:00Z
4
value 0.00344
scoring_system epss
scoring_elements 0.57315
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7729
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7729
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7729
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1555160
reference_id 1555160
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1555160
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
reference_id 892782
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
6
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2018-7729
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-patf-5u5f-33hc
8
url VCID-v3z9-7ysq-57h2
vulnerability_id VCID-v3z9-7ysq-57h2
summary An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7728.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7728.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7728
reference_id
reference_type
scores
0
value 0.00452
scoring_system epss
scoring_elements 0.64078
published_at 2026-06-04T12:55:00Z
1
value 0.00452
scoring_system epss
scoring_elements 0.6412
published_at 2026-06-05T12:55:00Z
2
value 0.00452
scoring_system epss
scoring_elements 0.64129
published_at 2026-06-06T12:55:00Z
3
value 0.00452
scoring_system epss
scoring_elements 0.64118
published_at 2026-06-07T12:55:00Z
4
value 0.00452
scoring_system epss
scoring_elements 0.64106
published_at 2026-06-08T12:55:00Z
5
value 0.00452
scoring_system epss
scoring_elements 0.64127
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7728
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7728
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1555155
reference_id 1555155
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1555155
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
reference_id 892782
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782
6
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2018-7728
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3z9-7ysq-57h2
9
url VCID-w6ev-hhqd-ryb8
vulnerability_id VCID-w6ev-hhqd-ryb8
summary An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18236.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18236.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18236
reference_id
reference_type
scores
0
value 0.00873
scoring_system epss
scoring_elements 0.75594
published_at 2026-06-04T12:55:00Z
1
value 0.00873
scoring_system epss
scoring_elements 0.75622
published_at 2026-06-05T12:55:00Z
2
value 0.00873
scoring_system epss
scoring_elements 0.75625
published_at 2026-06-06T12:55:00Z
3
value 0.00873
scoring_system epss
scoring_elements 0.75615
published_at 2026-06-07T12:55:00Z
4
value 0.00873
scoring_system epss
scoring_elements 0.75602
published_at 2026-06-08T12:55:00Z
5
value 0.00873
scoring_system epss
scoring_elements 0.75627
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18236
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18236
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18236
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1559596
reference_id 1559596
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1559596
5
reference_url https://access.redhat.com/errata/RHSA-2019:2048
reference_id RHSA-2019:2048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2048
6
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2017-18236
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6ev-hhqd-ryb8
10
url VCID-we66-99ag-rqc9
vulnerability_id VCID-we66-99ag-rqc9
summary An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18234.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18234.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18234
reference_id
reference_type
scores
0
value 0.00624
scoring_system epss
scoring_elements 0.7054
published_at 2026-06-04T12:55:00Z
1
value 0.00624
scoring_system epss
scoring_elements 0.70582
published_at 2026-06-05T12:55:00Z
2
value 0.00624
scoring_system epss
scoring_elements 0.70592
published_at 2026-06-06T12:55:00Z
3
value 0.00624
scoring_system epss
scoring_elements 0.70574
published_at 2026-06-07T12:55:00Z
4
value 0.00624
scoring_system epss
scoring_elements 0.70562
published_at 2026-06-08T12:55:00Z
5
value 0.00624
scoring_system epss
scoring_elements 0.70585
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18234
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18234
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1559590
reference_id 1559590
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1559590
5
reference_url https://access.redhat.com/errata/RHSA-2019:2048
reference_id RHSA-2019:2048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2048
6
reference_url https://usn.ubuntu.com/3668-1/
reference_id USN-3668-1
reference_type
scores
url https://usn.ubuntu.com/3668-1/
fixed_packages
0
url pkg:deb/debian/exempi@2.5.0-2
purl pkg:deb/debian/exempi@2.5.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3dac-uwth-j3fj
1
vulnerability VCID-7jjj-qrgx-93cc
2
vulnerability VCID-abnu-u4m6-tfej
3
vulnerability VCID-aje4-zaur-5yha
4
vulnerability VCID-avc9-whgm-a7gh
5
vulnerability VCID-b34x-pw39-e3ay
6
vulnerability VCID-fy35-f3fu-43fx
7
vulnerability VCID-fzqh-hr2u-cfck
8
vulnerability VCID-gybp-qse3-tkhs
9
vulnerability VCID-h2nu-f1se-u7ca
10
vulnerability VCID-j1df-3zu4-1yh2
11
vulnerability VCID-kz1w-aez6-t7g3
12
vulnerability VCID-mts6-1bp8-qyb7
13
vulnerability VCID-pue4-wnwn-mfbq
14
vulnerability VCID-rc1y-vc9m-3yef
15
vulnerability VCID-tayn-zr7z-zkhg
16
vulnerability VCID-u55y-8t2h-b3cw
17
vulnerability VCID-v3eh-7ps6-c3g5
18
vulnerability VCID-vq1k-hgj6-kkf1
19
vulnerability VCID-w16t-abeq-p3aw
20
vulnerability VCID-x5u3-phh1-jqfz
21
vulnerability VCID-xbwa-dmsy-cqfd
22
vulnerability VCID-xgv5-32bx-eugh
23
vulnerability VCID-yby3-4ngt-dfhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2
aliases CVE-2017-18234
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-we66-99ag-rqc9
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2