{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","type":"deb","namespace":"debian","name":"libjpeg-turbo","version":"1:2.1.5-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:2.1.5-4","latest_non_vulnerable_version":"1:2.1.5-4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83461?format=json","vulnerability_id":"VCID-2eke-m7j3-1qc5","summary":"libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11212.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11212","reference_id":"","reference_type":"","scores":[{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83173","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83234","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.8325","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83244","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.8319","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83204","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83202","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83227","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a"},{"reference_url":"https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190118-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190118-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.ijg.org/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ijg.org/"},{"reference_url":"http://www.securityfocus.com/bid/106583","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579973","reference_id":"1579973","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579973"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176","reference_id":"902176","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11212","reference_id":"CVE-2018-11212","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0469","reference_id":"RHSA-2019:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0472","reference_id":"RHSA-2019:0472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0473","reference_id":"RHSA-2019:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0474","reference_id":"RHSA-2019:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0640","reference_id":"RHSA-2019:0640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1238","reference_id":"RHSA-2019:1238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2052","reference_id":"RHSA-2019:2052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2052"},{"reference_url":"https://usn.ubuntu.com/3706-1/","reference_id":"USN-3706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-1/"},{"reference_url":"https://usn.ubuntu.com/3706-2/","reference_id":"USN-3706-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-2/"},{"reference_url":"https://usn.ubuntu.com/5497-1/","reference_id":"USN-5497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5497-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5336-1/","reference_id":"USN-USN-5336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5336-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5497-2/","reference_id":"USN-USN-5497-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5497-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927726?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-11212"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2eke-m7j3-1qc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35826?format=json","vulnerability_id":"VCID-6qse-ddhe-f7ea","summary":"Two vulnerabilities have been discovered in libjpeg-turbo, the\n    worse of which could allow remote attackers access to  sensitive\n    information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6629.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6629","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43451","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43386","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43497","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43466","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43475","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43413","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43479","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031734","reference_id":"1031734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031734"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867","reference_id":"729867","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873","reference_id":"729873","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://security.gentoo.org/glsa/201606-03","reference_id":"GLSA-201606-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116","reference_id":"mfsa2013-116","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1803","reference_id":"RHSA-2013:1803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1804","reference_id":"RHSA-2013:1804","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0412","reference_id":"RHSA-2014:0412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0413","reference_id":"RHSA-2014:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0486","reference_id":"RHSA-2014:0486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0508","reference_id":"RHSA-2014:0508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0509","reference_id":"RHSA-2014:0509","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0509"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0705","reference_id":"RHSA-2014:0705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0982","reference_id":"RHSA-2014:0982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0982"},{"reference_url":"https://usn.ubuntu.com/2052-1/","reference_id":"USN-2052-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2052-1/"},{"reference_url":"https://usn.ubuntu.com/2053-1/","reference_id":"USN-2053-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2053-1/"},{"reference_url":"https://usn.ubuntu.com/2060-1/","reference_id":"USN-2060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927724?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1.3.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1.3.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2013-6629"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qse-ddhe-f7ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60289?format=json","vulnerability_id":"VCID-77d3-x18w-a7f6","summary":"Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17541.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17541.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17541","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54633","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54703","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54725","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.65766","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.65752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.65722","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968036","reference_id":"1968036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968036"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17541","reference_id":"CVE-2020-17541","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17541"},{"reference_url":"https://security.gentoo.org/glsa/202405-20","reference_id":"GLSA-202405-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4288","reference_id":"RHSA-2021:4288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4288"},{"reference_url":"https://usn.ubuntu.com/5553-1/","reference_id":"USN-5553-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5553-1/"},{"reference_url":"https://usn.ubuntu.com/5631-1/","reference_id":"USN-5631-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5631-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927727?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2020-17541"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77d3-x18w-a7f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83463?format=json","vulnerability_id":"VCID-95f9-st4n-wydt","summary":"libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11214.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11214","reference_id":"","reference_type":"","scores":[{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77516","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77575","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77592","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77547","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01054","scoring_system":"epss","scoring_elements":"0.77566","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214"},{"reference_url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579980","reference_id":"1579980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579980"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176","reference_id":"902176","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11214","reference_id":"CVE-2018-11214","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11214"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2052","reference_id":"RHSA-2019:2052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2052"},{"reference_url":"https://usn.ubuntu.com/3706-1/","reference_id":"USN-3706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-1/"},{"reference_url":"https://usn.ubuntu.com/3706-2/","reference_id":"USN-3706-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-2/"},{"reference_url":"https://usn.ubuntu.com/5497-1/","reference_id":"USN-5497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5497-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5336-1/","reference_id":"USN-USN-5336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5336-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5497-2/","reference_id":"USN-USN-5497-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5497-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927726?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-11214"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95f9-st4n-wydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18804?format=json","vulnerability_id":"VCID-9ewc-ttxk-eufx","summary":"Out-of-bounds Write\nlibjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29390.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29390","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20493","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20552","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2028","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20361","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20419","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20449","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29390"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1943797","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1943797"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235521","reference_id":"2235521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235521"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","reference_id":"27NR3KG553CG6LGPMP6SHWEVHTYPL6RC","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","reference_id":"6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29390","reference_id":"CVE-2021-29390","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29390"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c","reference_id":"jdcoefct.c","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/"}],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595","reference_id":"jdcoefct.c#L595","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/"}],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","reference_id":"KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:08:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2295","reference_id":"RHSA-2024:2295","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2295"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2021-29390"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ewc-ttxk-eufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81110?format=json","vulnerability_id":"VCID-a3r5-u4q5-efhk","summary":"libjpeg-turbo: Null pointer dereference in jcopy_sample_rows() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35538.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35538","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07135","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07307","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07374","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0737","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07344","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122387","reference_id":"2122387","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122387"},{"reference_url":"https://usn.ubuntu.com/5631-1/","reference_id":"USN-5631-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5631-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927729?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2020-35538"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3r5-u4q5-efhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83261?format=json","vulnerability_id":"VCID-adpa-bp3z-vbhn","summary":"libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14498.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14498","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53256","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53273","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53198","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53242","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258"},{"reference_url":"https://github.com/mozilla/mozjpeg/issues/299","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mozilla/mozjpeg/issues/299"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687424","reference_id":"1687424","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687424"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924678","reference_id":"924678","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924678"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14498","reference_id":"CVE-2018-14498","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2052","reference_id":"RHSA-2019:2052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3705","reference_id":"RHSA-2019:3705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3705"},{"reference_url":"https://usn.ubuntu.com/4190-1/","reference_id":"USN-4190-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4190-1/"},{"reference_url":"https://usn.ubuntu.com/5553-1/","reference_id":"USN-5553-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5553-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927727?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-14498"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-adpa-bp3z-vbhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17726?format=json","vulnerability_id":"VCID-b91f-d2h1-8ya5","summary":"Out-of-bounds Write\nA heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2804.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2804","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2365","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23618","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23687","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23733","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23749","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23706","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24269","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2804"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208447","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/"}],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/"}],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/"}],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-2804","reference_id":"CVE-2023-2804","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:15:55Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-2804"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2804","reference_id":"CVE-2023-2804","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2804"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2023-2804"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b91f-d2h1-8ya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80526?format=json","vulnerability_id":"VCID-bz3a-w43e-y7fb","summary":"libjpeg-turbo: DoS via open crafted GIF","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20205.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20205","reference_id":"","reference_type":"","scores":[{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63034","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63122","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63087","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63156","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63174","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63159","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63136","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1937385","reference_id":"1937385","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1937385"},{"reference_url":"https://security.archlinux.org/AVG-1671","reference_id":"AVG-1671","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1671"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20205","reference_id":"CVE-2021-20205","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2021-20205"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3a-w43e-y7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80461?format=json","vulnerability_id":"VCID-d73e-m4f8-73bc","summary":"libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46822.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46822.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46822","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34812","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3501","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34917","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34962","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3499","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34994","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34958","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34934","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221567","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2100044","reference_id":"2100044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2100044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46822","reference_id":"CVE-2021-46822","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1068","reference_id":"RHSA-2023:1068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1068"},{"reference_url":"https://usn.ubuntu.com/5631-1/","reference_id":"USN-5631-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5631-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927730?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2021-46822"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d73e-m4f8-73bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47221?format=json","vulnerability_id":"VCID-ed2r-h2fk-kqfq","summary":"A vulnerability in libjpeg-turbo could result in execution of\n    arbitrary code or Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2806","reference_id":"","reference_type":"","scores":[{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.84924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.84862","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.8488","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.84882","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.84905","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.84913","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.8493","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.84929","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.84847","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2806"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/07/17/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://www.openwall.com/lists/oss-security/2012/07/17/3"},{"reference_url":"http://secunia.com/advisories/49883","reference_id":"49883","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://secunia.com/advisories/49883"},{"reference_url":"http://secunia.com/advisories/50753","reference_id":"50753","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://secunia.com/advisories/50753"},{"reference_url":"http://www.securityfocus.com/bid/54480","reference_id":"54480","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://www.securityfocus.com/bid/54480"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76952","reference_id":"76952","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76952"},{"reference_url":"http://osvdb.org/84040","reference_id":"84040","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://osvdb.org/84040"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:121","reference_id":"advisories?name=MDVSA-2012:121","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:121"},{"reference_url":"https://security.gentoo.org/glsa/201209-13","reference_id":"GLSA-201209-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-13"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201209-13.xml","reference_id":"glsa-201209-13.xml","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://security.gentoo.org/glsa/glsa-201209-13.xml"},{"reference_url":"http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830","reference_id":"libjpeg-turbo?view=revision&revision=830","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=759802","reference_id":"show_bug.cgi?id=759802","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=759802"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=826849","reference_id":"show_bug.cgi?id=826849","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-21T19:56:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=826849"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2012-2806"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed2r-h2fk-kqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85279?format=json","vulnerability_id":"VCID-f5wv-ttaf-r7f4","summary":"libjpeg: null pointer dereference in cjpeg","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3616.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3616","reference_id":"","reference_type":"","scores":[{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.80448","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.80395","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.80401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.80422","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.8044","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.8045","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.80469","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01404","scoring_system":"epss","scoring_elements":"0.80455","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3616"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319661","reference_id":"1319661","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319661"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819969","reference_id":"819969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2052","reference_id":"RHSA-2019:2052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2052"},{"reference_url":"https://usn.ubuntu.com/3706-1/","reference_id":"USN-3706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-1/"},{"reference_url":"https://usn.ubuntu.com/3706-2/","reference_id":"USN-3706-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5336-1/","reference_id":"USN-USN-5336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5336-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927726?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2016-3616"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5wv-ttaf-r7f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86079?format=json","vulnerability_id":"VCID-kq64-v665-tyht","summary":"libjpeg-turbo: denial of service via specially-crafted JPEG file","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9092.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9092","reference_id":"","reference_type":"","scores":[{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.83095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.83099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.8303","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.83046","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.8306","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.83058","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.83082","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.8309","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0187","scoring_system":"epss","scoring_elements":"0.83105","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9092"},{"reference_url":"https://tapani.tarvainen.info/linux/convertbug/","reference_id":"","reference_type":"","scores":[],"url":"https://tapani.tarvainen.info/linux/convertbug/"},{"reference_url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f","reference_id":"","reference_type":"","scores":[],"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/11/26/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/11/26/8"},{"reference_url":"http://www.securityfocus.com/bid/71326","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/71326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1169845","reference_id":"1169845","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1169845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369","reference_id":"768369","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9092","reference_id":"CVE-2014-9092","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9092"},{"reference_url":"https://usn.ubuntu.com/3706-1/","reference_id":"USN-3706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-1/"},{"reference_url":"https://usn.ubuntu.com/3706-2/","reference_id":"USN-3706-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927725?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:1.3.1-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.3.1-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2014-9092"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kq64-v665-tyht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82983?format=json","vulnerability_id":"VCID-qbwh-xe67-rkdu","summary":"libjpeg-turbo: heap-based buffer overflow in tjLoadImage","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20330.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20330","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56074","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56209","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56251","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56227","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56184","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56204","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56241","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20330"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665223","reference_id":"1665223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665223"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20330","reference_id":"CVE-2018-20330","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20330"},{"reference_url":"https://usn.ubuntu.com/4190-1/","reference_id":"USN-4190-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4190-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-20330"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbwh-xe67-rkdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35828?format=json","vulnerability_id":"VCID-rfqk-ffy7-yqee","summary":"Two vulnerabilities have been discovered in libjpeg-turbo, the\n    worse of which could allow remote attackers access to  sensitive\n    information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6630.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6630.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6630","reference_id":"","reference_type":"","scores":[{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82908","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82842","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82859","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82868","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82893","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0183","scoring_system":"epss","scoring_elements":"0.82911","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6802"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031749","reference_id":"1031749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867","reference_id":"729867","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873","reference_id":"729873","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873"},{"reference_url":"https://security.gentoo.org/glsa/201606-03","reference_id":"GLSA-201606-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116","reference_id":"mfsa2013-116","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1803","reference_id":"RHSA-2013:1803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1803"},{"reference_url":"https://usn.ubuntu.com/2052-1/","reference_id":"USN-2052-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2052-1/"},{"reference_url":"https://usn.ubuntu.com/2053-1/","reference_id":"USN-2053-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2053-1/"},{"reference_url":"https://usn.ubuntu.com/2060-1/","reference_id":"USN-2060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927724?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1.3.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1.3.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2013-6630"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfqk-ffy7-yqee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58214?format=json","vulnerability_id":"VCID-rgsc-btdd-m3he","summary":"An information disclosure vulnerability in libjpeg-turbo allow\n    remote attackers to obtain sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13790.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13790","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65158","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65208","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65279","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65267","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65239","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847155","reference_id":"1847155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847155"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962829","reference_id":"962829","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962829"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13790","reference_id":"CVE-2020-13790","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13790"},{"reference_url":"https://security.gentoo.org/glsa/202010-03","reference_id":"GLSA-202010-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202010-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7540","reference_id":"RHSA-2025:7540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7540"},{"reference_url":"https://usn.ubuntu.com/4386-1/","reference_id":"USN-4386-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4386-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927727?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2020-13790"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgsc-btdd-m3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83462?format=json","vulnerability_id":"VCID-rswk-24y5-67dn","summary":"libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11213.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11213.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11213","reference_id":"","reference_type":"","scores":[{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75346","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75379","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75358","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75296","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75349","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75359","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213"},{"reference_url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579979","reference_id":"1579979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579979"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176","reference_id":"902176","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11213","reference_id":"CVE-2018-11213","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2052","reference_id":"RHSA-2019:2052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2052"},{"reference_url":"https://usn.ubuntu.com/3706-1/","reference_id":"USN-3706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-1/"},{"reference_url":"https://usn.ubuntu.com/3706-2/","reference_id":"USN-3706-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-2/"},{"reference_url":"https://usn.ubuntu.com/5497-1/","reference_id":"USN-5497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5497-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5336-1/","reference_id":"USN-USN-5336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5336-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5497-2/","reference_id":"USN-USN-5497-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5497-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927726?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:1.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-11213"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rswk-24y5-67dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83400?format=json","vulnerability_id":"VCID-tvq2-6ujj-7yet","summary":"libjpeg: \"cjpeg\" utility large loop because read_pixel in rdtarga.c mishandles EOF","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11813.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11813","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45702","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48097","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4812","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48099","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48102","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11813"},{"reference_url":"https://bugs.gentoo.org/727908","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.gentoo.org/727908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf"},{"reference_url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c"},{"reference_url":"http://www.ijg.org/files/jpegsrc.v9d.tar.gz","reference_id":"","reference_type":"","scores":[],"url":"http://www.ijg.org/files/jpegsrc.v9d.tar.gz"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588803","reference_id":"1588803","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588803"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904719","reference_id":"904719","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904719"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11813","reference_id":"CVE-2018-11813","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2052","reference_id":"RHSA-2019:2052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2052"},{"reference_url":"https://usn.ubuntu.com/5497-1/","reference_id":"USN-5497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5497-1/"},{"reference_url":"https://usn.ubuntu.com/5553-1/","reference_id":"USN-5553-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5553-1/"},{"reference_url":"https://usn.ubuntu.com/5631-1/","reference_id":"USN-5631-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5631-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5336-1/","reference_id":"USN-USN-5336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5336-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5497-2/","reference_id":"USN-USN-5497-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5497-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927727?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-11813"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvq2-6ujj-7yet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83911?format=json","vulnerability_id":"VCID-ugd8-a68r-hugj","summary":"libjpeg-turbo: NULL pointer dereference in jdpostct.c and jquant1.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15232.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15232","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67885","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67946","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67971","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67995","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67981","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67908","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67906","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182"},{"reference_url":"https://github.com/mozilla/mozjpeg/issues/268","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mozilla/mozjpeg/issues/268"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500678","reference_id":"1500678","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500678"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878567","reference_id":"878567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878567"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15232","reference_id":"CVE-2017-15232","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15232"},{"reference_url":"https://usn.ubuntu.com/3706-1/","reference_id":"USN-3706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927727?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2017-15232"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugd8-a68r-hugj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82974?format=json","vulnerability_id":"VCID-uu2t-7ffz-j7bm","summary":"libjpeg-turbo: heap-based buffer over-read in the put_pixel_rows function in wrbmp.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19664.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19664","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44504","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44537","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44588","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44593","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4458","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44581","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656218","reference_id":"1656218","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656218"},{"reference_url":"https://usn.ubuntu.com/4190-1/","reference_id":"USN-4190-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4190-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-19664"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uu2t-7ffz-j7bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81194?format=json","vulnerability_id":"VCID-vrpv-znq2-6yd9","summary":"libjpeg: improper handling of max_memory_to_use setting can lead to excessive memory consumption","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14152.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14152","reference_id":"","reference_type":"","scores":[{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.78593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.78631","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.78612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.78637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.78643","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.78668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01168","scoring_system":"epss","scoring_elements":"0.7865","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14152"},{"reference_url":"https://bugs.gentoo.org/727908","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.gentoo.org/727908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.ijg.org/files/jpegsrc.v9d.tar.gz","reference_id":"","reference_type":"","scores":[],"url":"http://www.ijg.org/files/jpegsrc.v9d.tar.gz"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849026","reference_id":"1849026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849026"},{"reference_url":"https://usn.ubuntu.com/5497-1/","reference_id":"USN-5497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5497-1/"},{"reference_url":"https://usn.ubuntu.com/5553-1/","reference_id":"USN-5553-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5553-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5336-1/","reference_id":"USN-USN-5336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5336-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5497-2/","reference_id":"USN-USN-5497-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5497-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927728?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:1.5.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:1.5.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2020-14152"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrpv-znq2-6yd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48088?format=json","vulnerability_id":"VCID-w4km-zqts-3bhv","summary":"Several integer overflows in libjpeg-turbo might allow an attacker\n    to execute arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2201.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2201","reference_id":"","reference_type":"","scores":[{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77809","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77868","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77853","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77884","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77869","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77843","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01083","scoring_system":"epss","scoring_elements":"0.77825","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2201"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/"},{"reference_url":"https://source.android.com/security/bulletin/2019-11-01","reference_id":"","reference_type":"","scores":[],"url":"https://source.android.com/security/bulletin/2019-11-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1770982","reference_id":"1770982","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1770982"},{"reference_url":"https://security.archlinux.org/AVG-1067","reference_id":"AVG-1067","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1067"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2201","reference_id":"CVE-2019-2201","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2201"},{"reference_url":"https://security.gentoo.org/glsa/202003-23","reference_id":"GLSA-202003-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-23"},{"reference_url":"https://usn.ubuntu.com/4190-1/","reference_id":"USN-4190-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4190-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927727?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2019-2201"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4km-zqts-3bhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81196?format=json","vulnerability_id":"VCID-wejg-2zp8-1yd3","summary":"libjpeg: out-of-bounds read for certain table pointers in jdhuff.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14153.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14153.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14153","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.56997","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57091","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57114","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57144","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57156","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57115","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14153"},{"reference_url":"https://bugs.gentoo.org/727908","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.gentoo.org/727908"},{"reference_url":"http://www.ijg.org/files/jpegsrc.v9d.tar.gz","reference_id":"","reference_type":"","scores":[],"url":"http://www.ijg.org/files/jpegsrc.v9d.tar.gz"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849032","reference_id":"1849032","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849032"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14153","reference_id":"CVE-2020-14153","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14153"},{"reference_url":"https://usn.ubuntu.com/USN-5336-1/","reference_id":"USN-USN-5336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5336-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2020-14153"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wejg-2zp8-1yd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162806?format=json","vulnerability_id":"VCID-y4q6-9s32-rkej","summary":"A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6702","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62072","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62132","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62182","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.622","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62208","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62187","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927721?format=json","purl":"pkg:deb/debian/libjpeg-turbo@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2016-6702"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4q6-9s32-rkej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83393?format=json","vulnerability_id":"VCID-zqqx-68x1-h3ak","summary":"libjpeg-turbo: Divide by zero allows for denial of service via crafted BMP image","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1152.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1152","reference_id":"","reference_type":"","scores":[{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72955","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73011","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73039","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72987","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"},{"reference_url":"https://www.tenable.com/security/research/tra-2018-17","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/research/tra-2018-17"},{"reference_url":"http://www.securityfocus.com/bid/104543","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104543"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1593554","reference_id":"1593554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1593554"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902950","reference_id":"902950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902950"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1152","reference_id":"CVE-2018-1152","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1152"},{"reference_url":"https://usn.ubuntu.com/3706-1/","reference_id":"USN-3706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-1/"},{"reference_url":"https://usn.ubuntu.com/3706-2/","reference_id":"USN-3706-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3706-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/927727?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927722?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.0.6-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d73e-m4f8-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.0.6-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927720?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927723?format=json","purl":"pkg:deb/debian/libjpeg-turbo@1:2.1.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-4%3Fdistro=trixie"}],"aliases":["CVE-2018-1152"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqqx-68x1-h3ak"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjpeg-turbo@1:2.1.5-2%3Fdistro=trixie"}