Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/923162?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/923162?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u4?distro=trixie", "type": "deb", "namespace": "debian", "name": "gimp", "version": "2.10.34-1+deb12u4", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.10.34-1+deb12u6", "latest_non_vulnerable_version": "3.2.4-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96592?format=api", "vulnerability_id": "VCID-81y4-4cxp-bybu", "summary": "GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63819", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63674", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63757", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63754", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63769", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.637", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63712", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63729", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63743", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6373", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6374", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63726", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63744", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758", "reference_id": "1107758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/", "reference_id": "ZDI-25-203", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T18:26:53Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923133?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-3sqk-cbwn-tqa7" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923163?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923162?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923131?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923174?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923136?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-rw3k-nfe2-4qd2" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923134?format=api", "purl": "pkg:deb/debian/gimp@3.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923135?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072618?format=api", "purl": "pkg:deb/debian/gimp@3.2.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-2760" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81y4-4cxp-bybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69446?format=api", "vulnerability_id": "VCID-bhsc-qy1f-27dj", "summary": "gimp: Gimp Integer Overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02243", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02242", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10504", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10482", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1046", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10329", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10301", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10291", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10436", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1277", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12887", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1291", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12875", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/13518", "reference_id": "13518", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/13518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372515", "reference_id": "2372515", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372515" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-6035", "reference_id": "CVE-2025-6035", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-6035" }, { "reference_url": "https://usn.ubuntu.com/8082-1/", "reference_id": "USN-8082-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8082-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923133?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-3sqk-cbwn-tqa7" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923163?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923162?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923131?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923178?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923136?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-rw3k-nfe2-4qd2" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923134?format=api", "purl": "pkg:deb/debian/gimp@3.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923135?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072618?format=api", "purl": "pkg:deb/debian/gimp@3.2.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6035" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhsc-qy1f-27dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66658?format=api", "vulnerability_id": "VCID-gdxp-wy9y-m3h1", "summary": "gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25645", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2568", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25632", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25521", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25586", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25873", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25883", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25786", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25789", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25772", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25744", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459", "reference_id": "1116459", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188", "reference_id": "2407188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4", "reference_id": "3d909166463731e94dfe62042d76225ecfc4c1e4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21968", "reference_id": "RHSA-2025:21968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22417", "reference_id": "RHSA-2025:22417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22445", "reference_id": "RHSA-2025:22445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22496", "reference_id": "RHSA-2025:22496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22497", "reference_id": "RHSA-2025:22497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22498", "reference_id": "RHSA-2025:22498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22866", "reference_id": "RHSA-2025:22866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23857", "reference_id": "RHSA-2025:23857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0027", "reference_id": "RHSA-2026:0027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0250", "reference_id": "RHSA-2026:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0356", "reference_id": "RHSA-2026:0356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0356" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/", "reference_id": "ZDI-25-911", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923133?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-3sqk-cbwn-tqa7" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923163?format=api", "purl": "pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923162?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923131?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923161?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923136?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-rw3k-nfe2-4qd2" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923160?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-6.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-6.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923134?format=api", "purl": "pkg:deb/debian/gimp@3.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923135?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072618?format=api", "purl": "pkg:deb/debian/gimp@3.2.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-10922" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdxp-wy9y-m3h1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u4%3Fdistro=trixie" }