Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/517066?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "type": "deb", "namespace": "debian", "name": "exempi", "version": "2.5.0-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.6.3-1", "latest_non_vulnerable_version": "2.6.3-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66817?format=api", "vulnerability_id": "VCID-3dac-uwth-j3fj", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56556", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.5661", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56604", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56589", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56608", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36056" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": 
"USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36056" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3dac-uwth-j3fj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66828?format=api", "vulnerability_id": "VCID-7jjj-qrgx-93cc", "summary": "XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66618", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66658", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66666", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66651", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66636", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66653", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42532" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42532" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-42532" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jjj-qrgx-93cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66814?format=api", "vulnerability_id": "VCID-abnu-u4m6-tfej", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. 
Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32497", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32569", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32537", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32467", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32488", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36054" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36054" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abnu-u4m6-tfej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66804?format=api", "vulnerability_id": 
"VCID-aje4-zaur-5yha", "summary": "Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18651.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18651.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02228", "scoring_system": "epss", "scoring_elements": "0.8483", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02228", "scoring_system": "epss", "scoring_elements": "0.84855", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02228", "scoring_system": "epss", "scoring_elements": "0.84853", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02228", "scoring_system": "epss", "scoring_elements": "0.84857", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02228", "scoring_system": "epss", "scoring_elements": "0.84851", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02228", "scoring_system": "epss", "scoring_elements": "0.8484", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18651" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/libopenraw/exempi/issues/13", "reference_id": "13", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:44:59Z/" } ], "url": "https://gitlab.freedesktop.org/libopenraw/exempi/issues/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235669", "reference_id": "2235669", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235669" }, { "reference_url": "https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f", "reference_id": "fdd4765a699f9700850098b43b9798b933acb32f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:44:59Z/" } ], "url": "https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html", "reference_id": "msg00032.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:44:59Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3066", "reference_id": "RHSA-2024:3066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3066" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586240?format=api", "purl": "pkg:deb/debian/exempi@2.5.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": 
"VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.2-1" } ], "aliases": [ "CVE-2020-18651" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aje4-zaur-5yha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66818?format=api", "vulnerability_id": "VCID-avc9-whgm-a7gh", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. 
This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13873", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13949", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13952", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13916", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13831", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13861", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36057" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36057" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36057" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avc9-whgm-a7gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66824?format=api", "vulnerability_id": "VCID-b34x-pw39-e3ay", "summary": "XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer 
dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30436", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30509", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30476", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30446", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30413", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30429", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42528" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-42528" ], "risk_score": null, "exploitability": "0.5", 
"weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b34x-pw39-e3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66808?format=api", "vulnerability_id": "VCID-fy35-f3fu-43fx", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68178", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68187", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68179", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68164", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.6818", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36047" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36047" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fy35-f3fu-43fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66811?format=api", "vulnerability_id": "VCID-fzqh-hr2u-cfck", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02416", "scoring_system": "epss", "scoring_elements": "0.85392", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02416", "scoring_system": "epss", "scoring_elements": "0.85416", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02416", "scoring_system": "epss", "scoring_elements": "0.85421", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02416", "scoring_system": "epss", "scoring_elements": "0.85415", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02416", "scoring_system": "epss", "scoring_elements": "0.85401", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02416", "scoring_system": "epss", "scoring_elements": "0.85414", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36051" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36051" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzqh-hr2u-cfck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66815?format=api", "vulnerability_id": "VCID-gybp-qse3-tkhs", "summary": "XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71315", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.7136", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71367", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71345", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.7133", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71354", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36055" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36055" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36055" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gybp-qse3-tkhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66827?format=api", "vulnerability_id": "VCID-h2nu-f1se-u7ca", "summary": "XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. 
Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.77222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.77253", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.77263", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.77252", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.77243", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.77264", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42531" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-42531" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2nu-f1se-u7ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66810?format=api", "vulnerability_id": 
"VCID-j1df-3zu4-1yh2", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.74125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.74158", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.74163", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.74149", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.74131", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.74157", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36050" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36050" ], "risk_score": null, "exploitability": "0.5", 
"weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1df-3zu4-1yh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66825?format=api", "vulnerability_id": "VCID-kz1w-aez6-t7g3", "summary": "XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63348", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63392", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.634", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63389", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63377", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63394", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42529" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-42529" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kz1w-aez6-t7g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66809?format=api", "vulnerability_id": "VCID-mts6-1bp8-qyb7", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68178", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68187", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68179", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68164", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.6818", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36048" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": 
"", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36048" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mts6-1bp8-qyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66823?format=api", "vulnerability_id": "VCID-pue4-wnwn-mfbq", "summary": "XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35237", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35257", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40732" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40732" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-40732" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pue4-wnwn-mfbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66819?format=api", "vulnerability_id": "VCID-rc1y-vc9m-3yef", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. 
Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54209", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54265", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54274", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54263", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.5424", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54262", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36058" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36058" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc1y-vc9m-3yef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66806?format=api", "vulnerability_id": 
"VCID-tayn-zr7z-zkhg", "summary": "XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53217", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53278", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53286", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5327", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53244", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53267", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36045" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ 
"CVE-2021-36045" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tayn-zr7z-zkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66822?format=api", "vulnerability_id": "VCID-u55y-8t2h-b3cw", "summary": "XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48804", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48864", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48872", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48854", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48824", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48838", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40716" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40716" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-40716" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u55y-8t2h-b3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66820?format=api", "vulnerability_id": "VCID-v3eh-7ps6-c3g5", "summary": "XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72753", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72792", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72782", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72769", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72794", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36064", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36064" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36064" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3eh-7ps6-c3g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66812?format=api", "vulnerability_id": "VCID-vq1k-hgj6-kkf1", "summary": "XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. 
User interaction is required to exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02926", "scoring_system": "epss", "scoring_elements": "0.86672", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02926", "scoring_system": "epss", "scoring_elements": "0.86694", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02926", "scoring_system": "epss", "scoring_elements": "0.86693", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02926", "scoring_system": "epss", "scoring_elements": "0.86689", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02926", "scoring_system": "epss", "scoring_elements": "0.86679", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02926", "scoring_system": "epss", "scoring_elements": "0.86691", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36052" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36052" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vq1k-hgj6-kkf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66805?format=api", "vulnerability_id": "VCID-w16t-abeq-p3aw", 
"summary": "Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18652.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02158", "scoring_system": "epss", "scoring_elements": "0.84588", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02158", "scoring_system": "epss", "scoring_elements": "0.84614", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02158", "scoring_system": "epss", "scoring_elements": "0.84612", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02158", "scoring_system": "epss", "scoring_elements": "0.84616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02158", "scoring_system": "epss", "scoring_elements": "0.846", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18652" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/libopenraw/exempi/issues/12", 
"reference_id": "12", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:39:08Z/" } ], "url": "https://gitlab.freedesktop.org/libopenraw/exempi/issues/12" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235673", "reference_id": "2235673", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235673" }, { "reference_url": "https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7", "reference_id": "acee2894ceb91616543927c2a6e45050c60f98f7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:39:08Z/" } ], "url": "https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html", "reference_id": "msg00032.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:39:08Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3066", "reference_id": "RHSA-2024:3066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3066" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586240?format=api", "purl": "pkg:deb/debian/exempi@2.5.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": 
"VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.2-1" } ], "aliases": [ "CVE-2020-18652" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w16t-abeq-p3aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66807?format=api", "vulnerability_id": "VCID-x5u3-phh1-jqfz", "summary": "XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. 
User interaction is required to exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36046", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57862", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57914", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57922", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57911", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57898", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57915", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36046" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36046" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36046" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5u3-phh1-jqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66813?format=api", "vulnerability_id": "VCID-xbwa-dmsy-cqfd", 
"summary": "XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53217", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53278", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53286", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5327", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53244", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53267", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36053" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-36053" ], "risk_score": 
null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbwa-dmsy-cqfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66821?format=api", "vulnerability_id": "VCID-xgv5-32bx-eugh", "summary": "XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54801", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54859", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54869", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54862", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54843", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54863", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": 
"pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-39847" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv5-32bx-eugh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66826?format=api", "vulnerability_id": "VCID-yby3-4ngt-dfhs", "summary": "XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63348", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63392", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.634", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63389", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63377", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63394", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42530" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", 
"reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/713325?format=api", "purl": "pkg:deb/debian/exempi@2.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.6.3-1" } ], "aliases": [ "CVE-2021-42530" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yby3-4ngt-dfhs" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66798?format=api", "vulnerability_id": "VCID-3b75-arvj-3ydx", "summary": "An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7730.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7730.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28845", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28916", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2888", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28844", "published_at": "2026-06-07T12:55:00Z" }, { 
"value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28809", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28819", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7730" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555163", "reference_id": "1555163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555163" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782", "reference_id": "892782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2048", "reference_id": "RHSA-2019:2048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2048" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": 
"VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2018-7730" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b75-arvj-3ydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66771?format=api", "vulnerability_id": "VCID-52ng-zpru-sqhf", "summary": "An issue was discovered in Exempi before 2.4.4. 
Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68257", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68298", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68299", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68306", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68283", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559575", 
"reference_id": "1559575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2048", "reference_id": "RHSA-2019:2048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2048" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2017-18233" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-52ng-zpru-sqhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66788?format=api", "vulnerability_id": "VCID-6muj-t5qx-hubn", "summary": "The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12648.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64352", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64395", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64404", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64393", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64383", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64403", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12648" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12648" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594642", "reference_id": "1594642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902175", "reference_id": "902175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902175" }, { "reference_url": "https://usn.ubuntu.com/5483-1/", "reference_id": "USN-5483-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5483-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": 
"VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2018-12648" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6muj-t5qx-hubn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66777?format=api", "vulnerability_id": "VCID-8mjr-5nzs-uydp", "summary": "An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61632", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61681", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61688", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61676", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.6166", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61678", "published_at": "2026-06-09T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2017-18235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18235" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559595", "reference_id": "1559595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559595" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { 
"vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2017-18235" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mjr-5nzs-uydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66801?format=api", "vulnerability_id": "VCID-b25g-gvb8-8qht", "summary": "An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7731.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7731.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58885", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58932", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58938", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5893", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58914", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58929", "published_at": "2026-06-09T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2018-7731" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7731" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555164", "reference_id": "1555164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555164" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782", "reference_id": "892782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, 
{ "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2018-7731" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b25g-gvb8-8qht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66783?format=api", "vulnerability_id": "VCID-bmnh-53h3-8feh", "summary": "An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18237.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61152", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61201", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61208", "published_at": 
"2026-06-06T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61195", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61177", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61198", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559599", "reference_id": "1559599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559599" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { 
"vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2017-18237" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmnh-53h3-8feh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66786?format=api", "vulnerability_id": "VCID-kj1c-b5ak-u7eu", "summary": "An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18238.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18238.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67127", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67168", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67175", 
"published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.6716", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67143", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67159", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18238" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558715", "reference_id": "1558715", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2048", "reference_id": "RHSA-2019:2048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2048" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": 
"VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2017-18238" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj1c-b5ak-u7eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66795?format=api", "vulnerability_id": "VCID-patf-5u5f-33hc", "summary": "An issue was discovered in Exempi through 2.4.4. 
There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7729.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7729.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57267", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57319", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57302", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57327", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57315", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7729" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555160", "reference_id": "1555160", "reference_type": 
"", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555160" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782", "reference_id": "892782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2018-7729" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-patf-5u5f-33hc" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/66792?format=api", "vulnerability_id": "VCID-v3z9-7ysq-57h2", "summary": "An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64078", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.6412", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64129", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64118", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64106", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64127", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555155", "reference_id": "1555155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555155" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782", "reference_id": "892782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": 
"VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2018-7728" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3z9-7ysq-57h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66780?format=api", "vulnerability_id": "VCID-w6ev-hhqd-ryb8", "summary": "An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18236.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75594", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75622", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75625", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75615", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75602", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75627", "published_at": "2026-06-09T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2017-18236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18236" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559596", "reference_id": "1559596", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2048", "reference_id": "RHSA-2019:2048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2048" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { "vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { 
"vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2017-18236" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6ev-hhqd-ryb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66774?format=api", "vulnerability_id": "VCID-we66-99ag-rqc9", "summary": "An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.7054", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70582", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70592", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70574", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70562", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70585", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559590", "reference_id": "1559590", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2048", "reference_id": "RHSA-2019:2048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2048" }, { "reference_url": "https://usn.ubuntu.com/3668-1/", "reference_id": "USN-3668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517066?format=api", "purl": "pkg:deb/debian/exempi@2.5.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3dac-uwth-j3fj" }, { "vulnerability": "VCID-7jjj-qrgx-93cc" }, { 
"vulnerability": "VCID-abnu-u4m6-tfej" }, { "vulnerability": "VCID-aje4-zaur-5yha" }, { "vulnerability": "VCID-avc9-whgm-a7gh" }, { "vulnerability": "VCID-b34x-pw39-e3ay" }, { "vulnerability": "VCID-fy35-f3fu-43fx" }, { "vulnerability": "VCID-fzqh-hr2u-cfck" }, { "vulnerability": "VCID-gybp-qse3-tkhs" }, { "vulnerability": "VCID-h2nu-f1se-u7ca" }, { "vulnerability": "VCID-j1df-3zu4-1yh2" }, { "vulnerability": "VCID-kz1w-aez6-t7g3" }, { "vulnerability": "VCID-mts6-1bp8-qyb7" }, { "vulnerability": "VCID-pue4-wnwn-mfbq" }, { "vulnerability": "VCID-rc1y-vc9m-3yef" }, { "vulnerability": "VCID-tayn-zr7z-zkhg" }, { "vulnerability": "VCID-u55y-8t2h-b3cw" }, { "vulnerability": "VCID-v3eh-7ps6-c3g5" }, { "vulnerability": "VCID-vq1k-hgj6-kkf1" }, { "vulnerability": "VCID-w16t-abeq-p3aw" }, { "vulnerability": "VCID-x5u3-phh1-jqfz" }, { "vulnerability": "VCID-xbwa-dmsy-cqfd" }, { "vulnerability": "VCID-xgv5-32bx-eugh" }, { "vulnerability": "VCID-yby3-4ngt-dfhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" } ], "aliases": [ "CVE-2017-18234" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-we66-99ag-rqc9" } ], "risk_score": "3.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exempi@2.5.0-2" }