Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/517578?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/517578?format=api", "purl": "pkg:deb/debian/cimg@1.5.9%2Bdfsg-1", "type": "deb", "namespace": "debian", "name": "cimg", "version": "1.5.9+dfsg-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.5.2+dfsg-1+deb13u1", "latest_non_vulnerable_version": "3.5.2+dfsg-1+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64944?format=api", "vulnerability_id": "VCID-8cd5-4k3y-j3fj", "summary": "CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67905", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67944", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67951", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67941", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67928", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13568" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940952", "reference_id": "940952", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940952" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/510380?format=api", "purl": "pkg:deb/debian/cimg@2.9.4%2Bdfsg-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zny-9rn5-8kcr" }, { "vulnerability": "VCID-6w38-myrq-s3cc" }, { "vulnerability": "VCID-jcxb-h3fw-fbgc" }, { "vulnerability": "VCID-qgx6-qx1h-n7f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.9.4%252Bdfsg-2" } ], "aliases": [ "CVE-2019-13568" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cd5-4k3y-j3fj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64935?format=api", "vulnerability_id": "VCID-9fxs-7zay-g3e3", "summary": "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54308", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54365", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54374", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54363", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54341", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7588" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7588", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7588" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780", "reference_id": "892780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780" }, { "reference_url": "https://usn.ubuntu.com/4039-1/", "reference_id": "USN-4039-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4039-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-7588" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fxs-7zay-g3e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64937?format=api", "vulnerability_id": "VCID-a3we-awsp-z7gh", "summary": "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. 
This is in a \"16 colors\" case, aka case 4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45543", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45611", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45596", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45571", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45584", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7637" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780", "reference_id": "892780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-7637" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3we-awsp-z7gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64938?format=api", "vulnerability_id": "VCID-aexr-72pg-8kh5", "summary": "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a \"256 colors\" case, aka case 8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45543", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45611", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45596", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45571", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45584", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7638" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780", "reference_id": "892780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-7638" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aexr-72pg-8kh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64940?format=api", "vulnerability_id": "VCID-d8fk-zx96-5ugx", "summary": "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45543", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45611", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45596", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45571", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45584", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780", "reference_id": "892780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-7640" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8fk-zx96-5ugx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64936?format=api", "vulnerability_id": "VCID-dn44-g8d2-zfar", "summary": "An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54308", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54365", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54374", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54363", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54341", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7589", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7589" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780", "reference_id": "892780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780" }, { "reference_url": "https://usn.ubuntu.com/4039-1/", "reference_id": "USN-4039-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4039-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-7589" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dn44-g8d2-zfar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64941?format=api", "vulnerability_id": "VCID-reua-ncq6-j7hx", "summary": "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. 
This is in a \"32 bits colors\" case, aka case 32.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45543", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45611", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45596", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45571", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45584", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7641" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780", "reference_id": "892780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-7641" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-reua-ncq6-j7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64942?format=api", "vulnerability_id": "VCID-sc5h-wekv-tfc3", "summary": "CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06441", "scoring_system": "epss", "scoring_elements": "0.91225", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06441", "scoring_system": "epss", "scoring_elements": "0.91237", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06441", "scoring_system": "epss", "scoring_elements": "0.91234", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.06441", "scoring_system": "epss", "scoring_elements": "0.9123", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.06441", "scoring_system": "epss", "scoring_elements": "0.91245", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010174" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": 
[ "CVE-2019-1010174" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sc5h-wekv-tfc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64939?format=api", "vulnerability_id": "VCID-ssbt-qf91-33ed", "summary": "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a \"16 bits colors\" case, aka case 16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7639", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45543", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45611", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45596", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45571", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45584", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7639" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7639" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780", "reference_id": "892780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/517580?format=api", "purl": "pkg:deb/debian/cimg@2.4.5%2Bdfsg-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8cd5-4k3y-j3fj" }, { "vulnerability": "VCID-waku-yq9v-pqff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.4.5%252Bdfsg-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-7639" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssbt-qf91-33ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53845?format=api", "vulnerability_id": "VCID-waku-yq9v-pqff", "summary": "Out-of-bounds Write\nCImg suffers from integer overflows leading to heap buffer overflows in `load_pnm()` that can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68601", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68552", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68593", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68597", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68595", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.6858", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25693" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893377", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25693" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973770", "reference_id": "973770", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973770" }, { "reference_url": "https://security.archlinux.org/ASA-202012-2", "reference_id": "ASA-202012-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-2" }, { "reference_url": "https://security.archlinux.org/AVG-1318", "reference_id": "AVG-1318", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1318" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25693", "reference_id": "CVE-2020-25693", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25693" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510380?format=api", "purl": "pkg:deb/debian/cimg@2.9.4%2Bdfsg-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zny-9rn5-8kcr" }, { "vulnerability": "VCID-6w38-myrq-s3cc" }, { "vulnerability": "VCID-jcxb-h3fw-fbgc" }, { "vulnerability": "VCID-qgx6-qx1h-n7f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@2.9.4%252Bdfsg-2" } ], "aliases": [ "CVE-2020-25693" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-waku-yq9v-pqff" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cimg@1.5.9%252Bdfsg-1" }