{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"libsdl2-image","version":"2.8.12+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5493?format=json","vulnerability_id":"VCID-397f-2efb-byfm","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3977","reference_id":"","reference_type":"","scores":[{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75914","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75985","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3977"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912617","reference_id":"912617","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912617"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912618","reference_id":"912618","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912618"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56160?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-3977"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-397f-2efb-byfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71829?format=json","vulnerability_id":"VCID-3r69-7wx9-ekgq","summary":"SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35444","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01925","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01929","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133010","reference_id":"1133010","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133011","reference_id":"1133011","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133011"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133012","reference_id":"1133012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133012"},{"reference_url":"https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7","reference_id":"GHSA-gq8w-x74c-h6p7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:06:16Z/"}],"url":"https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56162?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-35444"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r69-7wx9-ekgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207285?format=json","vulnerability_id":"VCID-3v15-94sy-hyfy","summary":"An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5051","reference_id":"","reference_type":"","scores":[{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80694","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80754","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5051"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-5051","TALOS-2019-0820"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3v15-94sy-hyfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206719?format=json","vulnerability_id":"VCID-5nhp-9x6f-r3bx","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12221.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12221","reference_id":"","reference_type":"","scores":[{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.80724","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01384","scoring_system":"epss","scoring_elements":"0.80784","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12221"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732250","reference_id":"1732250","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12221"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nhp-9x6f-r3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206710?format=json","vulnerability_id":"VCID-6557-dmwt-mqdw","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12216.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12216","reference_id":"","reference_type":"","scores":[{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77137","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77208","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12216"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732252","reference_id":"1732252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732252"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12216"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6557-dmwt-mqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5490?format=json","vulnerability_id":"VCID-6cf8-zk48-kyem","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3837","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58103","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58217","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-3837","TALOS-2018-0519"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cf8-zk48-kyem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207289?format=json","vulnerability_id":"VCID-73ss-73yr-pubk","summary":"An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5058","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.77019","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.7709","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-5058","TALOS-2019-0842"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73ss-73yr-pubk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206712?format=json","vulnerability_id":"VCID-7a2m-q139-6yav","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12217.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12217","reference_id":"","reference_type":"","scores":[{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75701","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75771","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732254","reference_id":"1732254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732254"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12217"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7a2m-q139-6yav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207288?format=json","vulnerability_id":"VCID-8bup-qj12-ybcj","summary":"An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5057","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.77019","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.7709","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5057"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-5057","TALOS-2019-0841"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bup-qj12-ybcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7206?format=json","vulnerability_id":"VCID-9hrc-2z9r-hyfu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7635.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7635","reference_id":"","reference_type":"","scores":[{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.84622","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02151","scoring_system":"epss","scoring_elements":"0.84676","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677158","reference_id":"1677158","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677158"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609","reference_id":"924609","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924610","reference_id":"924610","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://security.gentoo.org/glsa/201909-07","reference_id":"GLSA-201909-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-07"},{"reference_url":"https://security.gentoo.org/glsa/202305-17","reference_id":"GLSA-202305-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3868","reference_id":"RHSA-2020:3868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4627","reference_id":"RHSA-2020:4627","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4627"},{"reference_url":"https://usn.ubuntu.com/4143-1/","reference_id":"USN-4143-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4143-1/"},{"reference_url":"https://usn.ubuntu.com/4156-1/","reference_id":"USN-4156-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-1/"},{"reference_url":"https://usn.ubuntu.com/4156-2/","reference_id":"USN-4156-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-2/"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7635"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hrc-2z9r-hyfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6289?format=json","vulnerability_id":"VCID-9khe-1w5f-aqbf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13616.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13616","reference_id":"","reference_type":"","scores":[{"value":"0.07188","scoring_system":"epss","scoring_elements":"0.9178","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07188","scoring_system":"epss","scoring_elements":"0.91808","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747237","reference_id":"1747237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940934","reference_id":"940934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940934"},{"reference_url":"https://security.gentoo.org/glsa/202305-17","reference_id":"GLSA-202305-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3950","reference_id":"RHSA-2019:3950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3951","reference_id":"RHSA-2019:3951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0293","reference_id":"RHSA-2020:0293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0293"},{"reference_url":"https://usn.ubuntu.com/4156-1/","reference_id":"USN-4156-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-1/"},{"reference_url":"https://usn.ubuntu.com/4156-2/","reference_id":"USN-4156-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4156-2/"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-13616"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9khe-1w5f-aqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206718?format=json","vulnerability_id":"VCID-9qt3-k63p-4ugt","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12220.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12220","reference_id":"","reference_type":"","scores":[{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73306","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732260","reference_id":"1732260","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732260"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12220"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qt3-k63p-4ugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2933?format=json","vulnerability_id":"VCID-9vb8-ssny-mua9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14441","reference_id":"","reference_type":"","scores":[{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.80291","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0132","scoring_system":"epss","scoring_elements":"0.80352","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14441","TALOS-2017-0490"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vb8-ssny-mua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206716?format=json","vulnerability_id":"VCID-a4kp-tfpq-tye3","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12219.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12219","reference_id":"","reference_type":"","scores":[{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73958","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.74031","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12219"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732258","reference_id":"1732258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732258"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12219"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4kp-tfpq-tye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2935?format=json","vulnerability_id":"VCID-bts6-p2xj-8yhp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14448","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81816","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81877","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14448","TALOS-2017-0497"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bts6-p2xj-8yhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207291?format=json","vulnerability_id":"VCID-d4t5-pzkp-e3es","summary":"An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5059","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.77019","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.7709","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5059","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5059"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-5059","TALOS-2019-0843"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4t5-pzkp-e3es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5491?format=json","vulnerability_id":"VCID-dchq-3mnq-n3a5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3838","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62631","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62733","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-3838","TALOS-2018-0520"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dchq-3mnq-n3a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206721?format=json","vulnerability_id":"VCID-eawm-gc96-nuad","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12222.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12222","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72566","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72643","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12222"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732262","reference_id":"1732262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732262"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12222"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eawm-gc96-nuad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2546?format=json","vulnerability_id":"VCID-fku7-8zqd-b7bw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12122","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81816","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81877","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-12122","TALOS-2017-0488"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fku7-8zqd-b7bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207293?format=json","vulnerability_id":"VCID-gfgd-erpw-mkc7","summary":"An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5060","reference_id":"","reference_type":"","scores":[{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.80286","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.80347","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5060"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5060","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5060"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-5060","TALOS-2019-0844"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfgd-erpw-mkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206714?format=json","vulnerability_id":"VCID-jhut-dr6e-1khz","summary":"An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12218.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12218.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12218","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.7329","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73367","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732256","reference_id":"1732256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732256"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12218"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhut-dr6e-1khz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207287?format=json","vulnerability_id":"VCID-mqyn-16ut-4yb7","summary":"An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5052","reference_id":"","reference_type":"","scores":[{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81608","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81668","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754","reference_id":"932754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755","reference_id":"932755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755"},{"reference_url":"https://usn.ubuntu.com/4238-1/","reference_id":"USN-4238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56161?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-5052","TALOS-2019-0821"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqyn-16ut-4yb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2936?format=json","vulnerability_id":"VCID-nm4w-v3tr-cbgr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14450","reference_id":"","reference_type":"","scores":[{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76748","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76818","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14450","TALOS-2017-0499"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nm4w-v3tr-cbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129575?format=json","vulnerability_id":"VCID-nqnv-kkez-5qgf","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14449","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.71027","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.71116","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14449","TALOS-2017-0498"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqnv-kkez-5qgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2934?format=json","vulnerability_id":"VCID-p7er-gqxe-c3ej","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14442","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81816","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81877","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14442","TALOS-2017-0491"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7er-gqxe-c3ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2932?format=json","vulnerability_id":"VCID-wcpc-g2a6-zfd4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14440","reference_id":"","reference_type":"","scores":[{"value":"0.01953","scoring_system":"epss","scoring_elements":"0.83858","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01953","scoring_system":"epss","scoring_elements":"0.83915","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14440","TALOS-2017-0489"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wcpc-g2a6-zfd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5492?format=json","vulnerability_id":"VCID-wtm9-r5ga-m3bw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3839","reference_id":"","reference_type":"","scores":[{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.79018","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01163","scoring_system":"epss","scoring_elements":"0.79084","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201903-17","reference_id":"GLSA-201903-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-3839","TALOS-2018-0521"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtm9-r5ga-m3bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3386?format=json","vulnerability_id":"VCID-xbb9-5r4v-5ffb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2887","reference_id":"","reference_type":"","scores":[{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82454","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01656","scoring_system":"epss","scoring_elements":"0.82516","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878266","reference_id":"878266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878267","reference_id":"878267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878267"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56159?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.1%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.1%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:deb/debian/libsdl2-image@2.0.5%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.0.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56154?format=json","purl":"pkg:deb/debian/libsdl2-image@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r69-7wx9-ekgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:deb/debian/libsdl2-image@2.8.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-2887","TALOS-2017-0394"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbb9-5r4v-5ffb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsdl2-image@2.8.12%252Bdfsg-1%3Fdistro=trixie"}