{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","type":"alpm","namespace":"archlinux","name":"jasper","version":"1.900.5-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.900.20-1","latest_non_vulnerable_version":"2.0.28-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154586?format=json","vulnerability_id":"VCID-5mrv-xrc5-ayhc","summary":"The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4517.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4517","reference_id":"","reference_type":"","scores":[{"value":"0.4213","scoring_system":"epss","scoring_elements":"0.97539","published_at":"2026-06-12T12:55:00Z"},{"value":"0.4213","scoring_system":"epss","scoring_elements":"0.9753","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html","reference_id":"071458.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html","reference_id":"071561.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"},{"reference_url":"http://secunia.com/advisories/47193","reference_id":"47193","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://secunia.com/advisories/47193"},{"reference_url":"http://secunia.com/advisories/47306","reference_id":"47306","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://secunia.com/advisories/47306"},{"reference_url":"http://secunia.com/advisories/47353","reference_id":"47353","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://secunia.com/advisories/47353"},{"reference_url":"http://www.securityfocus.com/bid/50992","reference_id":"50992","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.securityfocus.com/bid/50992"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71701","reference_id":"71701","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71701"},{"reference_url":"http://osvdb.org/77596","reference_id":"77596","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://osvdb.org/77596"},{"reference_url":"http://www.kb.cert.org/vuls/id/887409","reference_id":"887409","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.kb.cert.org/vuls/id/887409"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html","reference_id":"cpujan2012-366304.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21660640","reference_id":"docview.wss?uid=swg21660640","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21660640"},{"reference_url":"http://www.debian.org/security/2011/dsa-2371","reference_id":"dsa-2371","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.debian.org/security/2011/dsa-2371"},{"reference_url":"https://security.gentoo.org/glsa/201201-10","reference_id":"GLSA-201201-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-10"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1807","reference_id":"RHSA-2011:1807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1807"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1807.html","reference_id":"RHSA-2011-1807.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2011-1807.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1811","reference_id":"RHSA-2011:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1811"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1811.html","reference_id":"RHSA-2011-1811.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2011-1811.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0698.html","reference_id":"RHSA-2015-0698.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0698.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=747726","reference_id":"show_bug.cgi?id=747726","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=747726"},{"reference_url":"https://usn.ubuntu.com/1315-1/","reference_id":"USN-1315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1315-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1315-1","reference_id":"USN-1315-1","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.ubuntu.com/usn/USN-1315-1"},{"reference_url":"https://usn.ubuntu.com/1317-1/","reference_id":"USN-1317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1317-1/"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606","reference_id":"viewer.php?l=slackware-security&y=2015&m=slackware-security.538606","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:11:47Z/"}],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2011-4517"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mrv-xrc5-ayhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/959?format=json","vulnerability_id":"VCID-9mpt-np7g-1ybd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1867.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1867","reference_id":"","reference_type":"","scores":[{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68008","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68096","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9560"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298135","reference_id":"1298135","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298135"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1208","reference_id":"RHSA-2017:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1208"},{"reference_url":"https://usn.ubuntu.com/3295-1/","reference_id":"USN-3295-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3295-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2016-1867"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-np7g-1ybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113205?format=json","vulnerability_id":"VCID-cgc6-vdsk-yyhs","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8157.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8157","reference_id":"","reference_type":"","scores":[{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.90731","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.90761","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179282","reference_id":"1179282","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179282"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/201503-01","reference_id":"GLSA-201503-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0074","reference_id":"RHSA-2015:0074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://usn.ubuntu.com/2483-1/","reference_id":"USN-2483-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-1/"},{"reference_url":"https://usn.ubuntu.com/2483-2/","reference_id":"USN-2483-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2014-8157"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgc6-vdsk-yyhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113184?format=json","vulnerability_id":"VCID-dkh6-g99z-tkec","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8137.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8137.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8137","reference_id":"","reference_type":"","scores":[{"value":"0.31457","scoring_system":"epss","scoring_elements":"0.96898","published_at":"2026-06-11T12:55:00Z"},{"value":"0.31457","scoring_system":"epss","scoring_elements":"0.96909","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1173157","reference_id":"1173157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1173157"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/201503-01","reference_id":"GLSA-201503-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:2021","reference_id":"RHSA-2014:2021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:2021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1713","reference_id":"RHSA-2015:1713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1713"},{"reference_url":"https://usn.ubuntu.com/2483-1/","reference_id":"USN-2483-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-1/"},{"reference_url":"https://usn.ubuntu.com/2483-2/","reference_id":"USN-2483-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2014-8137"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkh6-g99z-tkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180648?format=json","vulnerability_id":"VCID-egc9-qr22-n3bn","summary":"Multiple memory management errors in JasPer might lead to execution of\n    arbitrary code via jpeg2k files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3520.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3520","reference_id":"","reference_type":"","scores":[{"value":"0.02615","scoring_system":"epss","scoring_elements":"0.85981","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02615","scoring_system":"epss","scoring_elements":"0.86031","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=461476","reference_id":"461476","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=461476"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559778","reference_id":"559778","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559778"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/200812-18","reference_id":"GLSA-200812-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0012","reference_id":"RHSA-2009:0012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://usn.ubuntu.com/1317-1/","reference_id":"USN-1317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1317-1/"},{"reference_url":"https://usn.ubuntu.com/742-1/","reference_id":"USN-742-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/742-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2008-3520"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egc9-qr22-n3bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/438?format=json","vulnerability_id":"VCID-hyx5-ayvc-b7ek","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5221.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5221","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45879","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.46024","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5221"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1255710","reference_id":"1255710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1255710"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1208","reference_id":"RHSA-2017:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1208"},{"reference_url":"https://usn.ubuntu.com/3693-1/","reference_id":"USN-3693-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3693-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2015-5221"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyx5-ayvc-b7ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180649?format=json","vulnerability_id":"VCID-qhhm-c2jn-fqew","summary":"Multiple memory management errors in JasPer might lead to execution of\n    arbitrary code via jpeg2k files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3522.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3522","reference_id":"","reference_type":"","scores":[{"value":"0.0425","scoring_system":"epss","scoring_elements":"0.89048","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0425","scoring_system":"epss","scoring_elements":"0.89085","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=461478","reference_id":"461478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=461478"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559778","reference_id":"559778","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559778"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/200812-18","reference_id":"GLSA-200812-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://usn.ubuntu.com/1317-1/","reference_id":"USN-1317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1317-1/"},{"reference_url":"https://usn.ubuntu.com/742-1/","reference_id":"USN-742-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/742-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2008-3522"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhhm-c2jn-fqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113185?format=json","vulnerability_id":"VCID-qptc-pvnq-r3ds","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8138.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8138","reference_id":"","reference_type":"","scores":[{"value":"0.05895","scoring_system":"epss","scoring_elements":"0.90797","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05895","scoring_system":"epss","scoring_elements":"0.90827","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8138"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1173162","reference_id":"1173162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1173162"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/201503-01","reference_id":"GLSA-201503-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:2021","reference_id":"RHSA-2014:2021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:2021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1713","reference_id":"RHSA-2015:1713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1713"},{"reference_url":"https://usn.ubuntu.com/2483-1/","reference_id":"USN-2483-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-1/"},{"reference_url":"https://usn.ubuntu.com/2483-2/","reference_id":"USN-2483-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2014-8138"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qptc-pvnq-r3ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180535?format=json","vulnerability_id":"VCID-rdkh-ysfm-c3e5","summary":"Multiple memory management errors in JasPer could result in\n    execution of arbitrary code or a Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4516.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4516","reference_id":"","reference_type":"","scores":[{"value":"0.47823","scoring_system":"epss","scoring_elements":"0.97781","published_at":"2026-06-11T12:55:00Z"},{"value":"0.47823","scoring_system":"epss","scoring_elements":"0.97791","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/201201-10","reference_id":"GLSA-201201-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1807","reference_id":"RHSA-2011:1807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1811","reference_id":"RHSA-2011:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://usn.ubuntu.com/1315-1/","reference_id":"USN-1315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1315-1/"},{"reference_url":"https://usn.ubuntu.com/1317-1/","reference_id":"USN-1317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1317-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2011-4516"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdkh-ysfm-c3e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113529?format=json","vulnerability_id":"VCID-vwas-qptn-nfcv","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9029.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9029.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9029","reference_id":"","reference_type":"","scores":[{"value":"0.32606","scoring_system":"epss","scoring_elements":"0.96979","published_at":"2026-06-11T12:55:00Z"},{"value":"0.32606","scoring_system":"epss","scoring_elements":"0.96989","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167537","reference_id":"1167537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167537"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/201503-01","reference_id":"GLSA-201503-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:2021","reference_id":"RHSA-2014:2021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:2021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://usn.ubuntu.com/2434-1/","reference_id":"USN-2434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2434-1/"},{"reference_url":"https://usn.ubuntu.com/2434-2/","reference_id":"USN-2434-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2434-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2014-9029"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwas-qptn-nfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113207?format=json","vulnerability_id":"VCID-z8hr-e4ud-7fb5","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8158.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8158","reference_id":"","reference_type":"","scores":[{"value":"0.04918","scoring_system":"epss","scoring_elements":"0.89842","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04918","scoring_system":"epss","scoring_elements":"0.89875","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179298","reference_id":"1179298","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179298"},{"reference_url":"https://security.archlinux.org/AVG-99","reference_id":"AVG-99","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-99"},{"reference_url":"https://security.gentoo.org/glsa/201503-01","reference_id":"GLSA-201503-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0074","reference_id":"RHSA-2015:0074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0698","reference_id":"RHSA-2015:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0698"},{"reference_url":"https://usn.ubuntu.com/2483-1/","reference_id":"USN-2483-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-1/"},{"reference_url":"https://usn.ubuntu.com/2483-2/","reference_id":"USN-2483-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2483-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9191?format=json","purl":"pkg:alpm/archlinux/jasper@1.900.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}],"aliases":["CVE-2014-8158"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8hr-e4ud-7fb5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.5-1"}