Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/571001?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/571001?format=api", "purl": "pkg:deb/debian/gimp@2.2.6-1sarge4", "type": "deb", "namespace": "debian", "name": "gimp", "version": "2.2.6-1sarge4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.10.34-1+deb12u10", "latest_non_vulnerable_version": "3.0.4-3+deb13u8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60882?format=api", "vulnerability_id": "VCID-1da3-1t47-4ygh", "summary": "Multiple vulnerabilities have been discovered in GIMP, allowing for the\n remote execution of arbitrary code.", "references": [ { "reference_url": "http://bugzilla.gnome.org/show_bug.cgi?id=451379", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=451379" }, { "reference_url": "http://developer.gimp.org/NEWS-2.2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://developer.gimp.org/NEWS-2.2" }, { "reference_url": "http://issues.foresightlinux.org/browse/FL-457", "reference_id": "", "reference_type": "", "scores": [], "url": "http://issues.foresightlinux.org/browse/FL-457" }, { "reference_url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551", "reference_id": "", "reference_type": "", "scores": [], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551" }, { "reference_url": "http://osvdb.org/42139", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42139" }, { "reference_url": "http://osvdb.org/42140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42140" }, { "reference_url": "http://osvdb.org/42141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42141" }, { "reference_url": "http://osvdb.org/42142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42142" }, { "reference_url": 
"http://osvdb.org/42143", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42143" }, { "reference_url": "http://osvdb.org/42144", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42144" }, { "reference_url": "http://osvdb.org/42145", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42145" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4519.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91861", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91883", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91896", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91901", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91905", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.9192", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91916", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91869", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07669", "scoring_system": "epss", "scoring_elements": "0.91876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09264", "scoring_system": "epss", "scoring_elements": "0.92748", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.09264", 
"scoring_system": "epss", "scoring_elements": "0.92757", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.09264", "scoring_system": "epss", "scoring_elements": "0.9277", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.09264", "scoring_system": "epss", "scoring_elements": "0.92745", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09264", "scoring_system": "epss", "scoring_elements": "0.92752", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519" }, { "reference_url": "http://secunia.com/advisories/26132", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26132" }, { "reference_url": "http://secunia.com/advisories/26215", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26215" }, { "reference_url": "http://secunia.com/advisories/26240", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26240" }, { "reference_url": "http://secunia.com/advisories/26575", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26575" }, { "reference_url": "http://secunia.com/advisories/26939", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26939" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200707-09.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200707-09.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308" }, { "reference_url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842" }, { "reference_url": "http://www.debian.org/security/2007/dsa-1335", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2007/dsa-1335" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/475257/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/475257/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/24835", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/24835" }, { "reference_url": "http://www.securitytracker.com/id?1018349", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1018349" }, { "reference_url": "http://www.ubuntu.com/usn/usn-494-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-494-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2471", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=247565", "reference_id": "247565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247565" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4519", "reference_id": "CVE-2006-4519", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4519" }, { "reference_url": "https://security.gentoo.org/glsa/200707-09", "reference_id": "GLSA-200707-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200707-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0513", "reference_id": "RHSA-2007:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0513" }, { "reference_url": "https://usn.ubuntu.com/494-1/", "reference_id": "USN-494-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/494-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571004?format=api", "purl": "pkg:deb/debian/gimp@2.4.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5ds4-62sx-xud3" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6uzq-6ejf-kudc" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, 
{ "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tq1x-gwac-6uc9" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-u8j3-25up-5bcb" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.4.7-1" } ], "aliases": [ "CVE-2006-4519" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1da3-1t47-4ygh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64452?format=api", 
"vulnerability_id": "VCID-1w47-u2aa-8uaj", "summary": "gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1515", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14951", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1496", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1505", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15052", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15236", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": 
"epss", "scoring_elements": "0.15041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15129", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17406", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17314", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1745", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604", "reference_id": "1128604", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441522", "reference_id": "2441522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441522" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275", "reference_id": "68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119/", "reference_id": "ZDI-26-119", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2045" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w47-u2aa-8uaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56767?format=api", "vulnerability_id": "VCID-23ev-8ph6-qyd8", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "", "reference_type": "", "scores": 
[], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/03/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2011/01/03/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/04/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2011/01/04/7" }, { "reference_url": "http://osvdb.org/70282", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/70282" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4540.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4540.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89645", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89549", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89553", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89566", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89583", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89588", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": 
"0.89595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89594", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89601", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89603", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89599", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89613", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89617", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04891", "scoring_system": "epss", "scoring_elements": "0.89626", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540" }, { "reference_url": "http://secunia.com/advisories/42771", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/42771" }, { "reference_url": "http://secunia.com/advisories/44750", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44750" }, { "reference_url": "http://secunia.com/advisories/48236", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48236" }, { "reference_url": "http://secunia.com/advisories/50737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50737" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-23.xml", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://security.gentoo.org/glsa/glsa-201209-23.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64582", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64582" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2426", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2426" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0016", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0016" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "608497", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793", "reference_id": "666793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4540", "reference_id": "CVE-2010-4540", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4540" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0838", "reference_id": "RHSA-2011:0838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0839", "reference_id": "RHSA-2011:0839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0839" }, { "reference_url": "https://usn.ubuntu.com/1109-1/", "reference_id": "USN-1109-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1109-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { 
"vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2010-4540" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23ev-8ph6-qyd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96594?format=api", "vulnerability_id": "VCID-2k57-pmhe-9uds", "summary": "GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. 
An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44478", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44705", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44608", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44528", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44407", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44662", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44702", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44703", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44751", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00221", "scoring_system": 
"epss", "scoring_elements": "0.44681", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44601", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-204/", "reference_id": "ZDI-25-204", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T18:21:41Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-204/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": 
"VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-2761" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2k57-pmhe-9uds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64643?format=api", "vulnerability_id": "VCID-2p8s-2h2y-aqg4", "summary": "gimp: GIMP: Denial of service via crafted PSP image file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2271.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15659", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15529", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.20976", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27906", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27864", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": 
"epss", "scoring_elements": "0.27903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27972", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27924", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.33991", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.33972", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2271" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127841", "reference_id": "1127841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127841" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15732", "reference_id": "15732", 
"reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15732" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429", "reference_id": "2438429", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", 
"reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2271", "reference_id": "CVE-2026-2271", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2271" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2271" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p8s-2h2y-aqg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64891?format=api", "vulnerability_id": "VCID-2yr2-zppt-47eq", "summary": "gimp: heap-based buffer overflow via specially crafted PSP file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15059.json", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12881", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12838", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12936", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1296", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12822", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13125", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12927", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13006", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13058", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1302", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1298", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12934", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12835", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e", "reference_id": "03575ac8cbb0ef3103b0a15d6598475088dcc15e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T19:49:18Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267", "reference_id": "1126267", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432296", "reference_id": "2432296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2707", "reference_id": "RHSA-2026:2707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2707" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:2930", "reference_id": "RHSA-2026:2930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2950", "reference_id": "RHSA-2026:2950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2953", "reference_id": "RHSA-2026:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2969", "reference_id": "RHSA-2026:2969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2969" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1196/", "reference_id": "ZDI-25-1196", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T19:49:18Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1196/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": 
"VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-15059" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yr2-zppt-47eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81574?format=api", "vulnerability_id": "VCID-35p4-a8t3-f3g1", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00005.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2589.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2589.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4994.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4994.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70446", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70612", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.7059", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70599", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70571", 
"published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70459", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70454", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70501", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70516", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70524", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.7051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70553", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70562", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.7054", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4994" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=767873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=767873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3612" }, { "reference_url": "http://www.securityfocus.com/bid/91425", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91425" }, { "reference_url": "http://www.securitytracker.com/id/1036226", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036226" }, { "reference_url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.431987", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.431987" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3025-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3025-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348617", "reference_id": "1348617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348617" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828179", "reference_id": "828179", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828179" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": 
"cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4994", "reference_id": "CVE-2016-4994", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2589", "reference_id": "RHSA-2016:2589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2589" }, { "reference_url": "https://usn.ubuntu.com/3025-1/", "reference_id": "USN-3025-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3025-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035811?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": 
"VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037143?format=api", "purl": "pkg:deb/debian/gimp@2.8.18-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { 
"vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.18-1%252Bdeb9u1" } ], "aliases": [ "CVE-2016-4994" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35p4-a8t3-f3g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70756?format=api", "vulnerability_id": "VCID-4wae-t183-yydb", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76063", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76251", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76199", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76211", "published_at": "2026-04-29T12:55:00Z" }, 
{ "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76222", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76066", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76098", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76077", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76124", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76149", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76125", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76122", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00932", "scoring_system": "epss", "scoring_elements": "0.76167", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17789" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=790849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=790849" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4077" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/12/19/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/12/19/5" }, { "reference_url": 
"http://www.securityfocus.com/bid/102898", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102898" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529146", "reference_id": "1529146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529146" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884837", "reference_id": "884837", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884837" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", 
"reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17789", "reference_id": "CVE-2017-17789", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17789" }, { "reference_url": "https://usn.ubuntu.com/3539-1/", "reference_id": "USN-3539-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3539-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035811?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": 
"VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037143?format=api", "purl": "pkg:deb/debian/gimp@2.8.18-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { 
"vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.18-1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049282?format=api", "purl": "pkg:deb/debian/gimp@2.10.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { 
"vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.8-2" } ], "aliases": [ "CVE-2017-17789" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wae-t183-yydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56764?format=api", "vulnerability_id": "VCID-5ds4-62sx-xud3", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1570.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1570.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86705", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86735", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86734", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86762", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", 
"scoring_elements": "0.86768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86783", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86788", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86802", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86808", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86829", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0308", "scoring_system": "epss", "scoring_elements": "0.86848", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=537356", "reference_id": "537356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=537356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555929", "reference_id": "555929", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555929" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0837", "reference_id": "RHSA-2011:0837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0837" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2011:0838", "reference_id": "RHSA-2011:0838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0838" }, { "reference_url": "https://usn.ubuntu.com/880-1/", "reference_id": "USN-880-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/880-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571005?format=api", "purl": "pkg:deb/debian/gimp@2.6.10-1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": 
"VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.6.10-1%252Bsqueeze4" } ], "aliases": [ "CVE-2009-1570" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ds4-62sx-xud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87052?format=api", "vulnerability_id": "VCID-5yx1-7s7z-m3ar", "summary": "gimp: NULL pointer deref crash when reading FIT file with crafted XTENSION header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3236.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92863", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.9287", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92874", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92871", 
"published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.9288", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92889", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92906", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92909", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92912", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92907", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92915", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.09627", "scoring_system": "epss", "scoring_elements": "0.92928", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=834627", "reference_id": "834627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=834627" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/19482.txt", "reference_id": "CVE-2012-3236;OSVDB-83634", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/19482.txt" }, { "reference_url": "https://usn.ubuntu.com/1559-1/", "reference_id": "USN-1559-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1559-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": 
"VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2012-3236" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yx1-7s7z-m3ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86700?format=api", "vulnerability_id": "VCID-6uzq-6ejf-kudc", "summary": "autotrace: buffer overflow when parsing BMP files", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1953.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57182", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57286", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57315", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57317", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.5733", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00347", 
"scoring_system": "epss", "scoring_elements": "0.57311", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.5729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57318", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57313", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57292", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57249", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57272", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57203", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57247", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=951257", "reference_id": "951257", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=951257" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571005?format=api", "purl": "pkg:deb/debian/gimp@2.6.10-1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" 
}, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.6.10-1%252Bsqueeze4" } ], "aliases": [ "CVE-2013-1953" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uzq-6ejf-kudc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56256?format=api", "vulnerability_id": "VCID-6yt4-22x4-2kdk", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3481.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3481", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.03809", "scoring_system": "epss", "scoring_elements": "0.88162", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88046", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88069", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88074", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88094", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88099", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88102", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88103", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88113", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88131", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88136", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88135", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03809", "scoring_system": "epss", "scoring_elements": "0.88148", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3481" }, { 
"reference_url": "https://bugzilla.novell.com/show_bug.cgi?id=776572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.novell.com/show_bug.cgi?id=776572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3481" }, { "reference_url": "http://secunia.com/advisories/50296", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50296" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/20/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/20/8" }, { "reference_url": "http://www.securityfocus.com/bid/55101", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/55101" }, { "reference_url": "http://www.securitytracker.com/id?1027411", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1027411" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1559-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1559-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685397", "reference_id": "685397", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685397" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847303", 
"reference_id": "847303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847303" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3481", "reference_id": "CVE-2012-3481", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3481" }, { "reference_url": "https://security.gentoo.org/glsa/201311-05", "reference_id": "GLSA-201311-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1180", "reference_id": "RHSA-2012:1180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1181", "reference_id": "RHSA-2012:1181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1181" }, { "reference_url": "https://usn.ubuntu.com/1559-1/", "reference_id": "USN-1559-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1559-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" 
}, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2012-3481" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yt4-22x4-2kdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96592?format=api", "vulnerability_id": "VCID-81y4-4cxp-bybu", "summary": "GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63769", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63674", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63757", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63754", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.637", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63712", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63729", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63743", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": 
"0.63695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6373", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6374", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63726", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758", "reference_id": "1107758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/", "reference_id": "ZDI-25-203", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T18:26:53Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": 
"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-2760" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81y4-4cxp-bybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56774?format=api", "vulnerability_id": "VCID-8fnp-pegd-vkf3", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3402.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81675", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81506", 
"published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81528", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81526", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81554", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81567", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81597", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81598", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81603", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81625", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81633", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81638", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01578", "scoring_system": "epss", "scoring_elements": "0.81653", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3402" }, { "reference_url": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3402", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3402" }, { "reference_url": "http://secunia.com/advisories/50737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50737" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-23.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/20/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/20/6" }, { "reference_url": "http://www.securitytracker.com/id?1027411", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1027411" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=838941", "reference_id": "838941", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838941" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3402", "reference_id": "CVE-2012-3402", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3402" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1181", "reference_id": 
"RHSA-2012:1181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1181" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571004?format=api", "purl": "pkg:deb/debian/gimp@2.4.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5ds4-62sx-xud3" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6uzq-6ejf-kudc" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": 
"VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tq1x-gwac-6uc9" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-u8j3-25up-5bcb" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.4.7-1" } ], "aliases": [ "CVE-2012-3402" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fnp-pegd-vkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69459?format=api", "vulnerability_id": "VCID-99yx-7yr3-dfht", "summary": "gimp: GIMP ICO File Parsing Integer Overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81894", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82066", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82011", "published_at": 
"2026-04-24T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82022", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82027", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82046", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81913", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81939", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81947", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81967", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.8195", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81986", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5473" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105005", "reference_id": "1105005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370867", "reference_id": "2370867", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370867" }, { "reference_url": "https://www.gimp.org/news/2025/05/18/gimp-3-0-4-released/#general-bugfixes", "reference_id": "#general-bugfixes", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T16:48:26Z/" } ], "url": "https://www.gimp.org/news/2025/05/18/gimp-3-0-4-released/#general-bugfixes" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9162", "reference_id": "RHSA-2025:9162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9165", "reference_id": "RHSA-2025:9165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9308", "reference_id": "RHSA-2025:9308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9309", "reference_id": "RHSA-2025:9309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9310", "reference_id": "RHSA-2025:9310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9314", "reference_id": 
"RHSA-2025:9314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9315", "reference_id": "RHSA-2025:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9316", "reference_id": "RHSA-2025:9316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9501", "reference_id": "RHSA-2025:9501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9569", "reference_id": "RHSA-2025:9569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9569" }, { "reference_url": "https://usn.ubuntu.com/8082-1/", "reference_id": "USN-8082-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8082-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-321/", "reference_id": "ZDI-25-321", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T16:48:26Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-321/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": 
"VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-5473" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99yx-7yr3-dfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62051?format=api", "vulnerability_id": "VCID-bcwp-42cm-g3et", "summary": "Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44444.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97887", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97916", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97911", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97908", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97909", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97915", "published_at": "2026-04-29T12:55:00Z" }, { "value": 
"0.51792", "scoring_system": "epss", "scoring_elements": "0.97919", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.9789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97895", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97897", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.979", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97901", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.97903", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.51792", "scoring_system": "epss", "scoring_elements": "0.9791", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44444" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984", "reference_id": "1055984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249946", "reference_id": "2249946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249946" }, { "reference_url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/", "reference_id": "gimp-2-10-36-released", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-05T14:16:55Z/" } ], "url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/" }, { "reference_url": "https://security.gentoo.org/glsa/202501-02", "reference_id": "GLSA-202501-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0675", "reference_id": "RHSA-2024:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0702", "reference_id": "RHSA-2024:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0716", "reference_id": "RHSA-2024:0716", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0716" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0861", 
"reference_id": "RHSA-2024:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0862", "reference_id": "RHSA-2024:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0863", "reference_id": "RHSA-2024:0863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1007", "reference_id": "RHSA-2024:1007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10666", "reference_id": "RHSA-2024:10666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1327", "reference_id": "RHSA-2024:1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0746", "reference_id": "RHSA-2025:0746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3617", "reference_id": "RHSA-2025:3617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3629", "reference_id": "RHSA-2025:3629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7417", "reference_id": "RHSA-2025:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7417" }, { "reference_url": "https://usn.ubuntu.com/6521-1/", 
"reference_id": "USN-6521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6521-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1591/", "reference_id": "ZDI-23-1591", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-05T14:16:55Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1591/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026169?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-3sqk-cbwn-tqa7" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": 
"VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2" } ], "aliases": [ "CVE-2023-44444", "ZDI-CAN-22097" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcwp-42cm-g3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79701?format=api", "vulnerability_id": "VCID-bf8d-qkyh-auds", "summary": "Gimp: context-dependent attackers can cause a denial of service", "references": [ { "reference_url": "http://osvdb.org/43453", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/43453" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75525", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75703", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.7567", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75674", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75527", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75557", "published_at": "2026-04-04T12:55:00Z" }, { 
"value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75537", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.7559", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75615", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75596", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75589", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75626", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.7563", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75654", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75659", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3126" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=778604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3126" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7" }, { "reference_url": "https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/" }, { "reference_url": "http://www.securityfocus.com/archive/1/470751/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/470751/100/0/threaded" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051868", "reference_id": "2051868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051868" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885382", "reference_id": "885382", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885382" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3126", "reference_id": "CVE-2007-3126", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3126" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1049282?format=api", "purl": "pkg:deb/debian/gimp@2.10.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.8-2" } ], "aliases": [ "CVE-2007-3126" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf8d-qkyh-auds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69446?format=api", "vulnerability_id": "VCID-bhsc-qy1f-27dj", "summary": "gimp: Gimp Integer Overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02243", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02242", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10436", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10482", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1046", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10329", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10301", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10291", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12875", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1277", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00042", "scoring_system": 
"epss", "scoring_elements": "0.12887", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1291", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/13518", "reference_id": "13518", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/13518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372515", "reference_id": "2372515", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372515" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-6035", "reference_id": "CVE-2025-6035", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-6035" }, { "reference_url": "https://usn.ubuntu.com/8082-1/", "reference_id": "USN-8082-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8082-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-6035" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhsc-qy1f-27dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56769?format=api", "vulnerability_id": "VCID-bq1c-u55x-5beh", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/03/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2011/01/03/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/04/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2011/01/04/7" }, { "reference_url": "http://osvdb.org/70283", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://osvdb.org/70283" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4542.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4542.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4542", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87977", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87858", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87881", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87906", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87924", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87916", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.8793", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87946", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87953", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03676", 
"scoring_system": "epss", "scoring_elements": "0.87952", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03676", "scoring_system": "epss", "scoring_elements": "0.87963", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4542" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542" }, { "reference_url": "http://secunia.com/advisories/42771", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/42771" }, { "reference_url": "http://secunia.com/advisories/44750", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44750" }, { "reference_url": "http://secunia.com/advisories/48236", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48236" }, { "reference_url": "http://secunia.com/advisories/50737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50737" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-23.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2426", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2426" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" }, { "reference_url": 
"http://www.redhat.com/support/errata/RHSA-2011-0839.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0016", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0016" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "608497", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=703405", "reference_id": "703405", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703405" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4542", "reference_id": "CVE-2010-4542", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4542" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0838", "reference_id": "RHSA-2011:0838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0839", "reference_id": "RHSA-2011:0839", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:0839" }, { "reference_url": "https://usn.ubuntu.com/1109-1/", "reference_id": "USN-1109-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1109-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } 
], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2010-4542" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1c-u55x-5beh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56768?format=api", "vulnerability_id": "VCID-cdfh-uhac-sbam", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/03/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2011/01/03/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/04/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2011/01/04/7" }, { "reference_url": "http://osvdb.org/70281", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/70281" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4541.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4541.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86801", 
"published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86762", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86783", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.8667", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86689", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86688", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.8673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86721", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86735", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.8674", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86737", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86754", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04027", "scoring_system": "epss", "scoring_elements": "0.8843", "published_at": "2026-04-01T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2010-4541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541" }, { "reference_url": "http://secunia.com/advisories/42771", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/42771" }, { "reference_url": "http://secunia.com/advisories/44750", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44750" }, { "reference_url": "http://secunia.com/advisories/48236", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48236" }, { "reference_url": "http://secunia.com/advisories/50737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50737" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-23.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64581" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2426", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2426" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html", 
"reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0016", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0016" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "608497", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=703403", "reference_id": "703403", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703403" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4541", "reference_id": "CVE-2010-4541", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4541" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0837", "reference_id": "RHSA-2011:0837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0837" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2011:0838", "reference_id": "RHSA-2011:0838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0839", "reference_id": "RHSA-2011:0839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0839" }, { "reference_url": "https://usn.ubuntu.com/1109-1/", "reference_id": "USN-1109-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1109-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { 
"vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2010-4541" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdfh-uhac-sbam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351414?format=api", "vulnerability_id": "VCID-d967-53mv-13b6", "summary": "GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-28863.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09931", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0994", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09772", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09855", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0989", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1934", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457533", "reference_id": "2457533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457533" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e", "reference_id": "f64c9c23ba3c37dc7b875a9fb477c23953b4666e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/", "reference_id": "ZDI-26-219", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4152" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-53mv-13b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62046?format=api", "vulnerability_id": "VCID-dav9-9ar6-gkbn", "summary": "Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29079", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28888", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28956", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28998", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29002", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28958", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28908", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28932", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28861", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28743", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28631", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28562", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28404", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28461", "published_at": 
"2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087591", "reference_id": "2087591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087591" }, { "reference_url": "https://security.gentoo.org/glsa/202501-02", "reference_id": "GLSA-202501-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7978", "reference_id": "RHSA-2022:7978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7978" }, { "reference_url": "https://usn.ubuntu.com/6521-1/", "reference_id": "USN-6521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6521-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": 
"VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2022-30067" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dav9-9ar6-gkbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267399?format=api", "vulnerability_id": "VCID-dkmg-nu4f-xbay", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10971", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10835", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10892", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1096", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11006", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19603", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", 
"scoring_system": "epss", "scoring_elements": "0.19544", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20973", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10", "reference_id": "00afdabdadeb5457fd897878b1e5aebc3780af10", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457535", "reference_id": "2457535", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457535" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/", "reference_id": "ZDI-26-217", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4150" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkmg-nu4f-xbay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69509?format=api", "vulnerability_id": "VCID-dtpr-ndvm-5udg", "summary": "gimp: Multiple heap buffer overflows in TGA parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23964", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24045", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24033", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23882", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24161", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": 
"0.24228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24204", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24191", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24168", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822", "reference_id": "11822", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2368558", "reference_id": "2368558", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368558" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": 
"cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-48797", "reference_id": "CVE-2025-48797", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-48797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9162", "reference_id": "RHSA-2025:9162", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9165", "reference_id": "RHSA-2025:9165", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9308", "reference_id": "RHSA-2025:9308", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9309", "reference_id": "RHSA-2025:9309", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9310", "reference_id": 
"RHSA-2025:9310", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9314", "reference_id": "RHSA-2025:9314", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9315", "reference_id": "RHSA-2025:9315", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9316", "reference_id": "RHSA-2025:9316", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9501", "reference_id": "RHSA-2025:9501", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9569", "reference_id": "RHSA-2025:9569", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9569" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-48797" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dtpr-ndvm-5udg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61025?format=api", "vulnerability_id": "VCID-enq7-y48z-gybf", "summary": "GIMP is vulnerable to a buffer overflow which may lead to the execution of\n arbitrary code.", "references": [ { "reference_url": 
"http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2356.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40424", "scoring_system": "epss", "scoring_elements": "0.97329", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97362", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97367", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97374", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97375", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97377", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97378", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97379", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97387", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.9739", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97393", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97396", 
"published_at": "2026-04-29T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97401", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.41011", "scoring_system": "epss", "scoring_elements": "0.97406", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2356" }, { "reference_url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356" }, { "reference_url": "http://secunia.com/advisories/25012", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25012" }, { "reference_url": "http://secunia.com/advisories/25111", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25111" }, { "reference_url": "http://secunia.com/advisories/25167", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25167" }, { "reference_url": "http://secunia.com/advisories/25239", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25239" }, { "reference_url": "http://secunia.com/advisories/25346", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25346" }, { "reference_url": "http://secunia.com/advisories/25359", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25359" }, { "reference_url": "http://secunia.com/advisories/25466", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25466" }, { "reference_url": "http://secunia.com/advisories/25573", "reference_id": "", 
"reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25573" }, { "reference_url": "http://secunia.com/advisories/28114", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/28114" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200705-08.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200705-08.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33911" }, { "reference_url": "https://issues.rpath.com/browse/RPL-1318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-1318" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10054" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5960" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1" }, { "reference_url": "http://www.debian.org/security/2007/dsa-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2007/dsa-1301" }, { 
"reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:108", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:108" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0343.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2007-0343.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/467231/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/467231/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/23680", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/23680" }, { "reference_url": "http://www.securitytracker.com/id?1018092", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1018092" }, { "reference_url": "http://www.ubuntu.com/usn/usn-467-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-467-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/1560", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/1560" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4241", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/4241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=238420", "reference_id": "238420", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238420" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.2.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.2.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.2.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2356", "reference_id": "CVE-2007-2356", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2356" }, { "reference_url": "https://security.gentoo.org/glsa/200705-08", "reference_id": "GLSA-200705-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200705-08" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/3801.c", "reference_id": "OSVDB-35417;CVE-2007-2356", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/3801.c" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/3888.c", "reference_id": "OSVDB-35417;CVE-2007-2356", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/3888.c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0343", "reference_id": "RHSA-2007:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0343" }, { "reference_url": "https://usn.ubuntu.com/467-1/", "reference_id": "USN-467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/467-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571004?format=api", "purl": "pkg:deb/debian/gimp@2.4.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { 
"vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5ds4-62sx-xud3" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6uzq-6ejf-kudc" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tq1x-gwac-6uc9" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-u8j3-25up-5bcb" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": 
"VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.4.7-1" } ], "aliases": [ "CVE-2007-2356" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enq7-y48z-gybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62050?format=api", "vulnerability_id": "VCID-eybg-sjmd-q7a2", "summary": "Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44443.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98408", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98435", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98426", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98428", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98429", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98434", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98411", 
"published_at": "2026-04-04T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98414", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98417", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98418", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.63756", "scoring_system": "epss", "scoring_elements": "0.98421", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984", "reference_id": "1055984", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249944", "reference_id": "2249944", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249944" }, { "reference_url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/", "reference_id": "gimp-2-10-36-released", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-05T17:14:40Z/" } ], "url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/" }, { "reference_url": "https://security.gentoo.org/glsa/202501-02", "reference_id": "GLSA-202501-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0675", "reference_id": "RHSA-2024:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0702", "reference_id": "RHSA-2024:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0716", "reference_id": "RHSA-2024:0716", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0716" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0746", "reference_id": "RHSA-2025:0746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3617", "reference_id": "RHSA-2025:3617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3629", 
"reference_id": "RHSA-2025:3629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7417", "reference_id": "RHSA-2025:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7417" }, { "reference_url": "https://usn.ubuntu.com/6521-1/", "reference_id": "USN-6521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6521-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1593/", "reference_id": "ZDI-23-1593", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-05T17:14:40Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1593/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026169?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-3sqk-cbwn-tqa7" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { 
"vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2" } ], "aliases": [ "CVE-2023-44443", "ZDI-CAN-22096" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eybg-sjmd-q7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54806?format=api", "vulnerability_id": "VCID-fta8-9na3-u3hb", "summary": "several", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1913.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83676", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83689", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83705", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83729", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", 
"scoring_elements": "0.83736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83752", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83746", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83741", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83776", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.838", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83809", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83816", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.8384", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02017", "scoring_system": "epss", "scoring_elements": "0.83861", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731305", "reference_id": "731305", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731305" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=947868", "reference_id": "947868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947868" }, { "reference_url": "https://security.gentoo.org/glsa/201603-01", "reference_id": "GLSA-201603-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201603-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1778", "reference_id": "RHSA-2013:1778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1778" }, { "reference_url": "https://usn.ubuntu.com/2051-1/", "reference_id": "USN-2051-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2051-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { 
"vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035810?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { 
"vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1" } ], "aliases": [ "CVE-2013-1913" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fta8-9na3-u3hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70751?format=api", "vulnerability_id": "VCID-g7zy-qgvc-cueg", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63464", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63621", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63598", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63611", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63605", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63578", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00448", 
"scoring_system": "epss", "scoring_elements": "0.63524", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63516", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63584", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.636", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63585", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63588", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63579", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17784" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=790784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=790784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4077" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/12/19/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/12/19/5" }, { "reference_url": "http://www.securityfocus.com/bid/102899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102899" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1529144", "reference_id": "1529144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884925", "reference_id": "884925", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884925" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17784", "reference_id": "CVE-2017-17784", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17784" }, { "reference_url": "https://usn.ubuntu.com/3539-1/", "reference_id": "USN-3539-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3539-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035811?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": 
"VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037143?format=api", "purl": "pkg:deb/debian/gimp@2.8.18-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { 
"vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.18-1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049282?format=api", "purl": "pkg:deb/debian/gimp@2.10.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.8-2" } ], "aliases": [ "CVE-2017-17784" ], 
"risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7zy-qgvc-cueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66658?format=api", "vulnerability_id": "VCID-gdxp-wy9y-m3h1", "summary": "gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25586", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25744", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2568", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25632", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25521", "published_at": "2026-05-05T12:55:00Z" }, { "value": 
"0.00092", "scoring_system": "epss", "scoring_elements": "0.25821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25873", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25883", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25786", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25789", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25772", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459", "reference_id": "1116459", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188", "reference_id": "2407188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4", 
"reference_id": "3d909166463731e94dfe62042d76225ecfc4c1e4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21968", "reference_id": "RHSA-2025:21968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22417", "reference_id": "RHSA-2025:22417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22445", "reference_id": "RHSA-2025:22445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22496", "reference_id": "RHSA-2025:22496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22497", "reference_id": "RHSA-2025:22497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22498", "reference_id": "RHSA-2025:22498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22866", "reference_id": "RHSA-2025:22866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23857", "reference_id": "RHSA-2025:23857", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/errata/RHSA-2025:23857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0027", "reference_id": "RHSA-2026:0027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0250", "reference_id": "RHSA-2026:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0356", "reference_id": "RHSA-2026:0356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0356" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/", "reference_id": "ZDI-25-911", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-10922" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdxp-wy9y-m3h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70755?format=api", "vulnerability_id": "VCID-hkc8-4uw7-2yc3", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65887", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66051", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66019", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66031", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66005", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65928", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65958", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65925", "published_at": 
"2026-04-07T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65976", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65988", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66007", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65964", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65998", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66012", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17788" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=790783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=790783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4077" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/12/19/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/12/19/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529141", "reference_id": "1529141", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529141" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885347", "reference_id": "885347", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885347" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" 
}, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17788", "reference_id": "CVE-2017-17788", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17788" }, { "reference_url": "https://usn.ubuntu.com/3539-1/", "reference_id": "USN-3539-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3539-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035811?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": 
"VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037143?format=api", "purl": "pkg:deb/debian/gimp@2.8.18-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { 
"vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.18-1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049282?format=api", "purl": "pkg:deb/debian/gimp@2.10.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.8-2" } ], "aliases": [ "CVE-2017-17788" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkc8-4uw7-2yc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65827?format=api", "vulnerability_id": "VCID-hrab-t25s-5ybg", "summary": "gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28643", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28601", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28599", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28571", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28546", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28498", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35201", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", 
"scoring_elements": "0.35178", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35099", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34977", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35049", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14425" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424767", "reference_id": "2424767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424767" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd", "reference_id": "cd1c88a0364ad1444c06536731972a99bd8643fd", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-02T14:03:55Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0914", "reference_id": "RHSA-2026:0914", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2026:0914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1511", "reference_id": "RHSA-2026:1511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1585", "reference_id": "RHSA-2026:1585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1586", "reference_id": "RHSA-2026:1586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1587", "reference_id": "RHSA-2026:1587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1587" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1139/", "reference_id": "ZDI-25-1139", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-02T14:03:55Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1139/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { 
"vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-14425" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hrab-t25s-5ybg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64455?format=api", "vulnerability_id": "VCID-jy45-8uuz-y7bf", "summary": "gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11093", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11061", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10893", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10903", "published_at": "2026-04-18T12:55:00Z" }, { "value": 
"0.00037", "scoring_system": "epss", "scoring_elements": "0.1102", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10978", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10932", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10958", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11036", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12881", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12822", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601", "reference_id": "1128601", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441524", 
"reference_id": "2441524", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441524" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c", "reference_id": "69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-050/", "reference_id": "ZDI-26-050", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-050/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-0797" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jy45-8uuz-y7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69508?format=api", "vulnerability_id": "VCID-krn9-65fh-sqgq", "summary": "gimp: Multiple use after free in XCF parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23964", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24168", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24045", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24033", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23882", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24161", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24228", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.00083", "scoring_system": "epss", "scoring_elements": "0.24271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24204", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24191", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822", "reference_id": "11822", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368557", "reference_id": "2368557", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368557" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": 
[], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-48798", "reference_id": "CVE-2025-48798", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-48798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9162", "reference_id": "RHSA-2025:9162", 
"reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9165", "reference_id": "RHSA-2025:9165", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9308", "reference_id": "RHSA-2025:9308", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9309", "reference_id": "RHSA-2025:9309", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9310", "reference_id": "RHSA-2025:9310", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9314", "reference_id": "RHSA-2025:9314", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9315", "reference_id": "RHSA-2025:9315", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9316", "reference_id": "RHSA-2025:9316", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9501", "reference_id": "RHSA-2025:9501", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9569", 
"reference_id": "RHSA-2025:9569", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9569" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-48798" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krn9-65fh-sqgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56257?format=api", "vulnerability_id": "VCID-nb8e-umcc-yudg", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code.", "references": [ { "reference_url": "http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5576.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.91045", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.90932", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.90937", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.90946", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.90956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.90967", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.90973", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.90982", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.91007", "published_at": "2026-04-21T12:55:00Z" }, { "value": 
"0.06336", "scoring_system": "epss", "scoring_elements": "0.91005", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.91021", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.91019", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.91016", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06336", "scoring_system": "epss", "scoring_elements": "0.9103", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5576" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=687392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=687392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576" }, { "reference_url": "http://secunia.com/advisories/50296", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50296" }, { "reference_url": "http://secunia.com/advisories/51479", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51479" }, { "reference_url": "http://secunia.com/advisories/51528", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51528" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/27/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/11/27/1" }, { "reference_url": 
"http://www.securityfocus.com/bid/56647", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/56647" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1659-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1659-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693977", "reference_id": "693977", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693977" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=879302", "reference_id": "879302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879302" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5576", "reference_id": "CVE-2012-5576", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5576" }, { "reference_url": "https://security.gentoo.org/glsa/201311-05", "reference_id": "GLSA-201311-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1778", "reference_id": "RHSA-2013:1778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1778" }, { "reference_url": "https://usn.ubuntu.com/1659-1/", "reference_id": "USN-1659-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1659-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2012-5576" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-nb8e-umcc-yudg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267401?format=api", "vulnerability_id": "VCID-ney7-z8qy-kuce", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19253", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19177", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19096", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19202", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19242", 
"published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457536", "reference_id": "2457536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457536" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712", "reference_id": "98cb1371fd4e22cca75017ea3252dc32fc218712", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/", "reference_id": "ZDI-26-220", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": 
"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4153" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ney7-z8qy-kuce" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/49990?format=api", "vulnerability_id": "VCID-pkzd-5g7r-cfh8", "summary": "GIMP is prone to a buffer overflow which may lead to the execution of\n arbitrary code when loading specially crafted XCF files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3404.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83184", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.832", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83213", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83245", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.8326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83254", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.8325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83286", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83288", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01905", 
"scoring_system": "epss", "scoring_elements": "0.83289", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83312", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.8332", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83327", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83352", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01905", "scoring_system": "epss", "scoring_elements": "0.83373", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618141", "reference_id": "1618141", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618141" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049", "reference_id": "377049", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049" }, { "reference_url": "https://security.gentoo.org/glsa/200607-08", "reference_id": "GLSA-200607-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200607-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0598", "reference_id": "RHSA-2006:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0598" }, { "reference_url": "https://usn.ubuntu.com/312-1/", "reference_id": "USN-312-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/312-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/571002?format=api", "purl": "pkg:deb/debian/gimp@2.2.13-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1da3-1t47-4ygh" }, { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5ds4-62sx-xud3" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6uzq-6ejf-kudc" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-8fnp-pegd-vkf3" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-enq7-y48z-gybf" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": 
"VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-teck-svws-tyae" }, { "vulnerability": "VCID-tq1x-gwac-6uc9" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-u8j3-25up-5bcb" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-vjn6-7mrr-j7cn" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.2.13-1" } ], "aliases": [ "CVE-2006-3404" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkzd-5g7r-cfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70754?format=api", "vulnerability_id": "VCID-q23d-29ut-uyhd", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56694", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56749", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56746", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", 
"scoring_elements": "0.56764", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56748", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56702", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56809", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56784", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56841", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56848", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56826", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56804", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56835", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56833", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56808", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17787" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=790853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=790853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4077", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://www.debian.org/security/2017/dsa-4077" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/12/19/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/12/19/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529143", "reference_id": "1529143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529143" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884927", "reference_id": "884927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884927" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17787", "reference_id": "CVE-2017-17787", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17787" }, { "reference_url": "https://usn.ubuntu.com/3539-1/", "reference_id": "USN-3539-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3539-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035811?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": 
"VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037143?format=api", "purl": "pkg:deb/debian/gimp@2.8.18-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { 
"vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.18-1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049282?format=api", "purl": "pkg:deb/debian/gimp@2.10.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { 
"vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.8-2" } ], "aliases": [ "CVE-2017-17787" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q23d-29ut-uyhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64670?format=api", "vulnerability_id": "VCID-qsyr-7tn1-uyhv", "summary": "gimp: GIMP: Application crash (DoS) via crafted PSD file due to heap-buffer-overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2239.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06008", "published_at": "2026-04-18T12:55:00Z" }, { 
"value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06157", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06172", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05985", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06052", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00864", "published_at": "2026-05-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0087", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127838", "reference_id": "1127838", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127838" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15812", 
"reference_id": "15812", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15812" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437675", "reference_id": "2437675", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437675" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2239", "reference_id": "CVE-2026-2239", 
"reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2239" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2239" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsyr-7tn1-uyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70753?format=api", "vulnerability_id": "VCID-r1ds-par2-5kb4", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", 
"scoring_elements": "0.55463", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55538", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55551", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55569", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55543", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55491", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55575", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55577", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55629", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55632", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55641", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.5562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55645", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55624", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17786" }, { "reference_url": 
"https://bugzilla.gnome.org/show_bug.cgi?id=739134", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=739134" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4077" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/12/19/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/12/19/5" }, { "reference_url": "http://www.securityfocus.com/bid/102765", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529145", "reference_id": "1529145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529145" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884862", "reference_id": "884862", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884862" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17786", "reference_id": "CVE-2017-17786", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17786" }, { "reference_url": "https://usn.ubuntu.com/3539-1/", "reference_id": "USN-3539-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3539-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035811?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037143?format=api", "purl": "pkg:deb/debian/gimp@2.8.18-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { 
"vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.18-1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049282?format=api", "purl": "pkg:deb/debian/gimp@2.10.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { 
"vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.8-2" } ], "aliases": [ "CVE-2017-17786" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ds-par2-5kb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54807?format=api", "vulnerability_id": "VCID-rgcb-3vf1-23dk", "summary": "several", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1978.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87429", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87438", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87452", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87454", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03438", 
"scoring_system": "epss", "scoring_elements": "0.87473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.8748", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87491", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87483", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87498", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.875", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87515", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.8752", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87533", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03438", "scoring_system": "epss", "scoring_elements": "0.87548", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731305", 
"reference_id": "731305", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731305" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902", "reference_id": "953902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902" }, { "reference_url": "https://security.gentoo.org/glsa/201603-01", "reference_id": "GLSA-201603-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201603-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1778", "reference_id": "RHSA-2013:1778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1778" }, { "reference_url": "https://usn.ubuntu.com/2051-1/", "reference_id": "USN-2051-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2051-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": 
"VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035810?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": 
"VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1" } ], "aliases": [ "CVE-2013-1978" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgcb-3vf1-23dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64450?format=api", "vulnerability_id": "VCID-rraw-1e9t-x3f3", "summary": "gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14569", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", 
"scoring_elements": "0.14509", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14401", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14402", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14474", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14507", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14505", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14691", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14502", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14591", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16851", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16736", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1687", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606", "reference_id": "1128606", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441527", "reference_id": "2441527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441527" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341", "reference_id": "diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": 
"RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-121/", "reference_id": "ZDI-26-121", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-121/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { 
"vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2048" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rraw-1e9t-x3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62048?format=api", "vulnerability_id": "VCID-s17j-j45c-nqgs", "summary": "Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44441.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93669", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93744", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93723", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93726", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93725", "published_at": "2026-04-29T12:55:00Z" }, { 
"value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93679", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.9368", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93696", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.93713", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11742", "scoring_system": "epss", "scoring_elements": "0.9372", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984", "reference_id": "1055984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249938", "reference_id": "2249938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249938" }, { "reference_url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/", "reference_id": "gimp-2-10-36-released", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T15:16:52Z/" } ], "url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/" }, { "reference_url": "https://security.gentoo.org/glsa/202501-02", "reference_id": "GLSA-202501-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0675", "reference_id": "RHSA-2024:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0702", "reference_id": "RHSA-2024:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0716", "reference_id": "RHSA-2024:0716", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0716" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3617", "reference_id": "RHSA-2025:3617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3629", "reference_id": "RHSA-2025:3629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7417", "reference_id": "RHSA-2025:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7417" }, { "reference_url": "https://usn.ubuntu.com/6521-1/", "reference_id": "USN-6521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6521-1/" }, { "reference_url": "https://usn.ubuntu.com/7209-1/", "reference_id": "USN-7209-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7209-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1592/", "reference_id": "ZDI-23-1592", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T15:16:52Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1592/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026169?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-3sqk-cbwn-tqa7" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { 
"vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2" } ], "aliases": [ "CVE-2023-44441", "ZDI-CAN-22093" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s17j-j45c-nqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87384?format=api", "vulnerability_id": "VCID-sn31-adaw-8kbz", "summary": "Gimp: Incomplete fix for CVE-2010-4543 PSP plug-in heap overflow issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1782.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": 
"0.81251", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.8126", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81282", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81281", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.8131", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81314", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81351", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81353", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81376", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81383", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81388", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81405", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81425", "published_at": "2026-05-07T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2011-1782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629830", "reference_id": "629830", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=704512", "reference_id": "704512", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704512" }, { "reference_url": "https://usn.ubuntu.com/1147-1/", "reference_id": "USN-1147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1147-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": 
"VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2011-1782" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sn31-adaw-8kbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56770?format=api", "vulnerability_id": "VCID-svvz-6tap-wqbe", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/03/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2011/01/03/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/01/04/7", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://openwall.com/lists/oss-security/2011/01/04/7" }, { "reference_url": "http://osvdb.org/70284", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/70284" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4543.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4543.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95833", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95841", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95849", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95852", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95861", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95864", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95868", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95869", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95881", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95886", "published_at": 
"2026-04-18T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95888", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95889", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.9589", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.22756", "scoring_system": "epss", "scoring_elements": "0.95903", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4543" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543" }, { "reference_url": "http://secunia.com/advisories/42771", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/42771" }, { "reference_url": "http://secunia.com/advisories/44750", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44750" }, { "reference_url": "http://secunia.com/advisories/48236", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48236" }, { "reference_url": "http://secunia.com/advisories/50737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50737" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-23.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2426", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2426" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0016", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0016" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", "reference_id": "608497", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=703407", "reference_id": "703407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703407" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4543", "reference_id": "CVE-2010-4543", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4543" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35162.cob", "reference_id": "CVE-2010-4543;OSVDB-70284", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35162.cob" }, { "reference_url": "https://www.securityfocus.com/bid/45647/info", "reference_id": "CVE-2010-4543;OSVDB-70284", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/45647/info" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0837", "reference_id": "RHSA-2011:0837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0838", "reference_id": "RHSA-2011:0838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0839", "reference_id": "RHSA-2011:0839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0839" }, { "reference_url": "https://usn.ubuntu.com/1109-1/", "reference_id": "USN-1109-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1109-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { 
"vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2010-4543" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svvz-6tap-wqbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88673?format=api", "vulnerability_id": "VCID-teck-svws-tyae", "summary": "Gimp image loader multiple input validation flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3741.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3741.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2007-3741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82455", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82469", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82483", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.8251", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82517", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82536", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82532", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01744", "scoring_system": "epss", "scoring_elements": "0.82527", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": "0.82884", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": "0.82883", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": "0.82885", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": "0.82907", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": "0.82916", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": "0.82921", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": 
"0.82941", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01815", "scoring_system": "epss", "scoring_elements": "0.82961", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3741" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=248053", "reference_id": "248053", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0513", "reference_id": "RHSA-2007:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0513" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571004?format=api", "purl": "pkg:deb/debian/gimp@2.4.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5ds4-62sx-xud3" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6uzq-6ejf-kudc" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": 
"VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tq1x-gwac-6uc9" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-u8j3-25up-5bcb" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.4.7-1" } ], "aliases": [ "CVE-2007-3741" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-teck-svws-tyae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56765?format=api", "vulnerability_id": "VCID-tq1x-gwac-6uc9", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3909.json", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3909.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.9132", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.91254", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.91253", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.91277", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.91279", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.91289", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.91288", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06708", "scoring_system": "epss", "scoring_elements": "0.91304", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.11539", "scoring_system": "epss", "scoring_elements": "0.93599", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11539", "scoring_system": "epss", "scoring_elements": "0.93607", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11539", "scoring_system": "epss", "scoring_elements": "0.93609", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11539", "scoring_system": "epss", "scoring_elements": "0.93618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11539", "scoring_system": "epss", "scoring_elements": "0.93621", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11539", "scoring_system": "epss", "scoring_elements": "0.93625", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.11539", "scoring_system": "epss", 
"scoring_elements": "0.9359", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=537370", "reference_id": "537370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=537370" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556750", "reference_id": "556750", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556750" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1181", "reference_id": "RHSA-2012:1181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1181" }, { "reference_url": "https://usn.ubuntu.com/880-1/", "reference_id": "USN-880-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/880-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571005?format=api", "purl": "pkg:deb/debian/gimp@2.6.10-1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { 
"vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.6.10-1%252Bsqueeze4" } ], "aliases": [ "CVE-2009-3909" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tq1x-gwac-6uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65830?format=api", "vulnerability_id": 
"VCID-tth9-nncy-5qap", "summary": "gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30228", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30193", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30094", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3019", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3015", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30115", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30097", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30052", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", 
"scoring_elements": "0.36997", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36965", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36878", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36762", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36828", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424766", "reference_id": "2424766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424766" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb", "reference_id": "4ff2d773d58064e6130495de498e440f4a6d5edb", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-01T04:55:23Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:0914", "reference_id": "RHSA-2026:0914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1511", "reference_id": "RHSA-2026:1511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1574", "reference_id": "RHSA-2026:1574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1584", "reference_id": "RHSA-2026:1584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1585", "reference_id": "RHSA-2026:1585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1586", "reference_id": "RHSA-2026:1586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1587", "reference_id": "RHSA-2026:1587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1588", "reference_id": "RHSA-2026:1588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1588" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1589", "reference_id": "RHSA-2026:1589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1590", "reference_id": "RHSA-2026:1590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1590" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:1591", "reference_id": "RHSA-2026:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1591" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1136/", "reference_id": "ZDI-25-1136", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-01T04:55:23Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1136/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-14422" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tth9-nncy-5qap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56771?format=api", "vulnerability_id": "VCID-u8j3-25up-5bcb", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or 
Denial of Service.", "references": [ { "reference_url": "http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84559", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84379", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84393", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84414", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84443", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84455", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84451", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84473", "published_at": "2026-04-16T12:55:00Z" }, { 
"value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84474", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84476", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84503", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84512", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84516", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02208", "scoring_system": "epss", "scoring_elements": "0.84533", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1178" }, { "reference_url": "http://secunia.com/advisories/50737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50737" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201209-23.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" }, { "reference_url": "http://securitytracker.com/id?1025586", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025586" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67787" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:110", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:110" }, { "reference_url": 
"http://www.redhat.com/support/errata/RHSA-2011-0837.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" }, { "reference_url": "http://www.securityfocus.com/bid/48057", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/48057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=689831", "reference_id": "689831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689831" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1178", "reference_id": "CVE-2011-1178", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1178" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0837", "reference_id": "RHSA-2011:0837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0838", "reference_id": "RHSA-2011:0838", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:0838" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571005?format=api", "purl": "pkg:deb/debian/gimp@2.6.10-1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": 
"VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.6.10-1%252Bsqueeze4" } ], "aliases": [ "CVE-2011-1178" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8j3-25up-5bcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64453?format=api", "vulnerability_id": "VCID-ubet-venh-tqct", "summary": "gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": 
"epss", "scoring_elements": "0.11573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11699", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11658", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11618", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11836", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11709", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13638", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13483", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13574", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441521", 
"reference_id": "2441521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441521" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365", "reference_id": "diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118/", "reference_id": "ZDI-26-118", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], 
"aliases": [ "CVE-2026-2044" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubet-venh-tqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64642?format=api", "vulnerability_id": "VCID-uujf-3fhp-8fgg", "summary": "gimp: GIMP: Memory corruption due to integer overflow in ICO file handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2272.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2272.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07972", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0794", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11388", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24129", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24253", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24115", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24243", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24309", "published_at": "2026-04-08T12:55:00Z" }, { 
"value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24328", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24271", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24277", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24729", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2272" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127842", "reference_id": "1127842", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127842" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15617", "reference_id": "15617", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15617" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438428", "reference_id": "2438428", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438428" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { 
"reference_url": "https://access.redhat.com/security/cve/CVE-2026-2272", "reference_id": "CVE-2026-2272", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2272" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uujf-3fhp-8fgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60883?format=api", "vulnerability_id": "VCID-vjn6-7mrr-j7cn", "summary": "Multiple vulnerabilities have been discovered in GIMP, allowing for the\n remote execution of arbitrary code.", "references": [ { "reference_url": "http://issues.foresightlinux.org/browse/FL-457", "reference_id": "", "reference_type": "", "scores": [], "url": "http://issues.foresightlinux.org/browse/FL-457" }, { "reference_url": "http://osvdb.org/37804", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/37804" }, { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2949.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97043", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.96988", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.96995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.96999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97001", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97011", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97012", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97014", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97025", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97029", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97033", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97034", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", 
"scoring_elements": "0.97036", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.97037", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.34769", "scoring_system": "epss", "scoring_elements": "0.9704", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2949" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949" }, { "reference_url": "http://secunia.com/advisories/25677", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25677" }, { "reference_url": "http://secunia.com/advisories/25949", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25949" }, { "reference_url": "http://secunia.com/advisories/26044", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26044" }, { "reference_url": "http://secunia.com/advisories/26132", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26132" }, { "reference_url": "http://secunia.com/advisories/26215", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26215" }, { "reference_url": "http://secunia.com/advisories/26384", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26384" }, { "reference_url": "http://secunia.com/advisories/26575", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26575" }, { "reference_url": "http://secunia.com/advisories/26939", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26939" }, { "reference_url": "http://secunia.com/advisories/28114", "reference_id": "", "reference_type": "", "scores": 
[], "url": "http://secunia.com/advisories/28114" }, { "reference_url": "http://secunia.com/secunia_research/2007-63/advisory/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/secunia_research/2007-63/advisory/" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200707-09.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200707-09.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35246", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35246" }, { "reference_url": "https://issues.rpath.com/browse/RPL-1487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-1487" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1" }, { "reference_url": "http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798" }, { "reference_url": "http://www.debian.org/security/2007/dsa-1335", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2007/dsa-1335" }, { "reference_url": "http://www.kb.cert.org/vuls/id/399896", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.kb.cert.org/vuls/id/399896" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html" }, { "reference_url": "http://www.securityfocus.com/bid/24745", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/24745" }, { "reference_url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191" }, { "reference_url": "http://www.ubuntu.com/usn/usn-480-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-480-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2421", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2421" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4241", "reference_id": "", "reference_type": "", "scores": [], 
"url": "http://www.vupen.com/english/advisories/2007/4241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=244400", "reference_id": "244400", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244400" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2949", "reference_id": "CVE-2007-2949", "reference_type": "", "scores": [ 
{ "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2949" }, { "reference_url": "https://security.gentoo.org/glsa/200707-09", "reference_id": "GLSA-200707-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200707-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0513", "reference_id": "RHSA-2007:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0513" }, { "reference_url": "https://usn.ubuntu.com/480-1/", "reference_id": "USN-480-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/480-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571004?format=api", "purl": "pkg:deb/debian/gimp@2.4.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-23ev-8ph6-qyd8" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-5ds4-62sx-xud3" }, { "vulnerability": "VCID-5yx1-7s7z-m3ar" }, { "vulnerability": "VCID-6uzq-6ejf-kudc" }, { "vulnerability": "VCID-6yt4-22x4-2kdk" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-bq1c-u55x-5beh" }, { "vulnerability": "VCID-cdfh-uhac-sbam" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" 
}, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-nb8e-umcc-yudg" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-sn31-adaw-8kbz" }, { "vulnerability": "VCID-svvz-6tap-wqbe" }, { "vulnerability": "VCID-tq1x-gwac-6uc9" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-u8j3-25up-5bcb" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wbtb-bfgn-4bhq" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-y7a9-2p1n-z7fx" }, { "vulnerability": "VCID-ye1p-fndf-h7b9" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.4.7-1" } ], "aliases": [ "CVE-2007-2949" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjn6-7mrr-j7cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56773?format=api", "vulnerability_id": "VCID-wbtb-bfgn-4bhq", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2763.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2763.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2012-2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99513", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99512", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99514", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99515", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99516", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99517", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99519", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.9952", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99521", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99524", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99525", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.88834", "scoring_system": "epss", "scoring_elements": "0.99526", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=824541", "reference_id": "824541", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=824541" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/18956.c", "reference_id": "CVE-2012-2763;OSVDB-82429", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/18956.c" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18973.rb", "reference_id": "CVE-2012-2763;OSVDB-82429", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18973.rb" }, { "reference_url": "http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html", "reference_id": "CVE-2012-2763;OSVDB-82429", "reference_type": "exploit", "scores": [], "url": "http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": 
"VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2012-2763" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtb-bfgn-4bhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70752?format=api", "vulnerability_id": "VCID-wj9c-s6kt-tqag", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58516", "published_at": 
"2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58621", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5861", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58624", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58609", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58576", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.586", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58622", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58591", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58643", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58667", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58648", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58628", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58661", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58666", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17785" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=739133", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=739133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4077" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/12/19/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/12/19/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529147", "reference_id": "1529147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529147" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884836", "reference_id": "884836", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884836" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17785", "reference_id": "CVE-2017-17785", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17785" }, { "reference_url": "https://usn.ubuntu.com/3539-1/", "reference_id": "USN-3539-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3539-1/" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035811?format=api", "purl": "pkg:deb/debian/gimp@2.8.14-1%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": 
"VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.14-1%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037143?format=api", "purl": "pkg:deb/debian/gimp@2.8.18-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { 
"vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.18-1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049282?format=api", "purl": "pkg:deb/debian/gimp@2.10.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { 
"vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.8-2" } ], "aliases": [ "CVE-2017-17785" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wj9c-s6kt-tqag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56772?format=api", "vulnerability_id": "VCID-y7a9-2p1n-z7fx", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2896.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.9157", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91578", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91584", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91593", "published_at": "2026-04-07T12:55:00Z" }, { 
"value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91606", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91616", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91618", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91615", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91637", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.9163", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91629", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91636", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91635", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91632", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91645", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.07216", "scoring_system": "epss", "scoring_elements": "0.91658", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2896" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643753", "reference_id": "643753", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800", "reference_id": "727800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800" }, { "reference_url": "https://security.gentoo.org/glsa/201209-23", "reference_id": "GLSA-201209-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1635", "reference_id": "RHSA-2011:1635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0302", "reference_id": "RHSA-2012:0302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1180", "reference_id": "RHSA-2012:1180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1181", "reference_id": "RHSA-2012:1181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1181" }, { "reference_url": "https://usn.ubuntu.com/1207-1/", "reference_id": "USN-1207-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1207-1/" }, { "reference_url": "https://usn.ubuntu.com/1214-1/", "reference_id": "USN-1214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { 
"vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2011-2896" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7a9-2p1n-z7fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56255?format=api", "vulnerability_id": "VCID-ye1p-fndf-h7b9", "summary": "Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code.", "references": [ { "reference_url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3403.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88919", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88805", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88813", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88832", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88849", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": 
"0.88854", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88866", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88861", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88874", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88872", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.8887", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88887", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88893", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88894", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04289", "scoring_system": "epss", "scoring_elements": "0.88902", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3403" }, { "reference_url": "http://secunia.com/advisories/50296", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50296" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142" }, { "reference_url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:082", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/20/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/20/7" }, { "reference_url": "http://www.securityfocus.com/bid/55101", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/55101" }, { "reference_url": "http://www.securitytracker.com/id?1027411", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1027411" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1559-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1559-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685397", "reference_id": "685397", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685397" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839020", "reference_id": "839020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839020" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3403", "reference_id": "CVE-2012-3403", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3403" }, { "reference_url": 
"https://security.gentoo.org/glsa/201311-05", "reference_id": "GLSA-201311-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1180", "reference_id": "RHSA-2012:1180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1181", "reference_id": "RHSA-2012:1181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1181" }, { "reference_url": "https://usn.ubuntu.com/1559-1/", "reference_id": "USN-1559-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1559-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571006?format=api", "purl": "pkg:deb/debian/gimp@2.8.2-2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-35p4-a8t3-f3g1" }, { "vulnerability": "VCID-4wae-t183-yydb" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-bcwp-42cm-g3et" }, { "vulnerability": "VCID-bf8d-qkyh-auds" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-eybg-sjmd-q7a2" }, { "vulnerability": "VCID-fta8-9na3-u3hb" }, { "vulnerability": "VCID-g7zy-qgvc-cueg" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-hkc8-4uw7-2yc3" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { 
"vulnerability": "VCID-q23d-29ut-uyhd" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-r1ds-par2-5kb4" }, { "vulnerability": "VCID-rgcb-3vf1-23dk" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-s17j-j45c-nqgs" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { "vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-wj9c-s6kt-tqag" }, { "vulnerability": "VCID-ygcy-xz6u-1qav" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.8.2-2%252Bdeb7u1" } ], "aliases": [ "CVE-2012-3403" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye1p-fndf-h7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62049?format=api", "vulnerability_id": "VCID-ygcy-xz6u-1qav", "summary": "Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44442.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44442.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44442", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98295", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98285", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", 
"scoring_elements": "0.98286", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98288", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98289", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98294", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.9827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98275", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98278", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.6033", "scoring_system": "epss", "scoring_elements": "0.98279", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984", "reference_id": "1055984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249942", "reference_id": "2249942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249942" }, { "reference_url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/", "reference_id": "gimp-2-10-36-released", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T13:15:13Z/" } ], "url": "https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/" }, { "reference_url": "https://security.gentoo.org/glsa/202501-02", "reference_id": "GLSA-202501-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0675", "reference_id": "RHSA-2024:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0702", "reference_id": "RHSA-2024:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0716", "reference_id": "RHSA-2024:0716", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2024:0716" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0861", "reference_id": "RHSA-2024:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0862", "reference_id": "RHSA-2024:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0863", "reference_id": "RHSA-2024:0863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1007", "reference_id": "RHSA-2024:1007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10666", "reference_id": "RHSA-2024:10666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1327", "reference_id": "RHSA-2024:1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0746", "reference_id": "RHSA-2025:0746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3617", "reference_id": "RHSA-2025:3617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3629", "reference_id": "RHSA-2025:3629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7417", "reference_id": "RHSA-2025:7417", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2025:7417" }, { "reference_url": "https://usn.ubuntu.com/6521-1/", "reference_id": "USN-6521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6521-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1594/", "reference_id": "ZDI-23-1594", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T13:15:13Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1594/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026169?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-1w47-u2aa-8uaj" }, { "vulnerability": "VCID-2k57-pmhe-9uds" }, { "vulnerability": "VCID-2p8s-2h2y-aqg4" }, { "vulnerability": "VCID-2yr2-zppt-47eq" }, { "vulnerability": "VCID-3sqk-cbwn-tqa7" }, { "vulnerability": "VCID-81y4-4cxp-bybu" }, { "vulnerability": "VCID-99yx-7yr3-dfht" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-bhsc-qy1f-27dj" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dav9-9ar6-gkbn" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-dtpr-ndvm-5udg" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gdxp-wy9y-m3h1" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-hrab-t25s-5ybg" }, { "vulnerability": "VCID-jy45-8uuz-y7bf" }, { "vulnerability": "VCID-krn9-65fh-sqgq" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-qsyr-7tn1-uyhv" }, { "vulnerability": "VCID-rraw-1e9t-x3f3" }, { "vulnerability": "VCID-tth9-nncy-5qap" }, { 
"vulnerability": "VCID-ubet-venh-tqct" }, { "vulnerability": "VCID-uujf-3fhp-8fgg" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" }, { "vulnerability": "VCID-z2up-g7ms-gfg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2" } ], "aliases": [ "CVE-2023-44442", "ZDI-CAN-22094" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygcy-xz6u-1qav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47242?format=api", "vulnerability_id": "VCID-z2up-g7ms-gfg2", "summary": "A vulnerability has been discovered in GIMP, which can lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18293", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18241", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20877", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2107", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20942", "published_at": "2026-04-24T12:55:00Z" }, { 
"value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20945", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20913", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20804", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21142", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2109", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21081", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21091", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661", "reference_id": "1119661", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407233", "reference_id": "2407233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407233" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c", "reference_id": "5c3e2122d53869599d77ef0f1bdece117b24fd7c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:07Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c" }, { "reference_url": "https://security.gentoo.org/glsa/202601-03", "reference_id": "GLSA-202601-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202601-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21968", "reference_id": "RHSA-2025:21968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22417", "reference_id": "RHSA-2025:22417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22445", "reference_id": "RHSA-2025:22445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22496", "reference_id": "RHSA-2025:22496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22497", "reference_id": "RHSA-2025:22497", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:22497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22498", "reference_id": "RHSA-2025:22498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22866", "reference_id": "RHSA-2025:22866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23857", "reference_id": "RHSA-2025:23857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0027", "reference_id": "RHSA-2026:0027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0250", "reference_id": "RHSA-2026:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0356", "reference_id": "RHSA-2026:0356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0356" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/", "reference_id": "ZDI-25-978", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:07Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": 
"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-10934" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2up-g7ms-gfg2" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.2.6-1sarge4" }