Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/928360?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "libraw", "version": "0.20.2-2.1+deb12u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.21.4-1", "latest_non_vulnerable_version": "0.21.5b-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83263?format=api", "vulnerability_id": "VCID-1p46-52y8-kbgb", "summary": "libRaw: infinite loop in the parse_minolta function in dcraw/dcraw.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.6377", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63832", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64059", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.6398", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64016", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64028", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64035", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64048", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64045", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64014", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609954", "reference_id": "1609954", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609954" }, { "reference_url": "https://usn.ubuntu.com/3838-1/", "reference_id": "USN-3838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5813" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1p46-52y8-kbgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81445?format=api", "vulnerability_id": "VCID-25js-gs2n-jbfb", "summary": "LibRaw: Out-of-bounds read in LibRaw::adobe_copy_pixel() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35533.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35533", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08257", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08237", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.081", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08261", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08199", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08164", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08138", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08272", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35533" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122358", "reference_id": "2122358", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122358" }, { "reference_url": "https://usn.ubuntu.com/5715-1/", "reference_id": "USN-5715-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5715-1/" }, { "reference_url": "https://usn.ubuntu.com/7266-1/", "reference_id": "USN-7266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35533" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25js-gs2n-jbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70182?format=api", "vulnerability_id": "VCID-33xw-gu7q-3uht", "summary": "LibRaw: Improper Validation of Specified Quantity in Input in LibRaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43964.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45638", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.4566", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45631", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45689", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45684", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45547", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45555", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45494", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45637", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50801", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50749", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43964" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "reference_id": "0.21.3...0.21.4", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:12:15Z/" } ], "url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103783", "reference_id": "1103783", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103783" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361287", "reference_id": "2361287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361287" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0", "reference_id": "a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:12:15Z/" } ], "url": "https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0" }, { "reference_url": "https://www.libraw.org/news/libraw-0-21-4-release", "reference_id": "libraw-0-21-4-release", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:12:15Z/" } ], "url": "https://www.libraw.org/news/libraw-0-21-4-release" }, { "reference_url": "https://usn.ubuntu.com/7485-1/", "reference_id": "USN-7485-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7485-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928382?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928383?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-43964" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33xw-gu7q-3uht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82922?format=api", "vulnerability_id": "VCID-34d5-3aug-ffgw", "summary": "libraw: NULL pointer dereference in LibRaw::copy_bayer resulting in a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65616", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65783", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.6576", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65734", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65665", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65694", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.6566", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65711", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65724", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65745", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65731", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65751", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65736", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.6575", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/194" }, { "reference_url": "http://www.securityfocus.com/bid/106299", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106299" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663961", "reference_id": "1663961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663961" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917112", "reference_id": "917112", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917112" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20364", "reference_id": "CVE-2018-20364", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20364" }, { "reference_url": "https://usn.ubuntu.com/3989-1/", "reference_id": "USN-3989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928374?format=api", "purl": "pkg:deb/debian/libraw@0.19.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20364" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34d5-3aug-ffgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81471?format=api", "vulnerability_id": "VCID-43af-u5hy-afcg", "summary": "LibRaw: Out-of-bounds read in simple_decode_row() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35532.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35532.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08257", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08237", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.081", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08261", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08199", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08164", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08138", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08272", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35532" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122357", "reference_id": "2122357", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122357" }, { "reference_url": "https://usn.ubuntu.com/5715-1/", "reference_id": "USN-5715-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5715-1/" }, { "reference_url": "https://usn.ubuntu.com/7266-1/", "reference_id": "USN-7266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35532" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43af-u5hy-afcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83253?format=api", "vulnerability_id": "VCID-4ksq-fpwc-t3fq", "summary": "LibRaw: Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68299", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68319", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68295", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68363", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68389", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68377", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68344", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68383", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68396", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68374", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68422", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68426", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6843", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68407", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68449", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5815" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610151", "reference_id": "1610151", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610151" }, { "reference_url": "https://usn.ubuntu.com/3838-1/", "reference_id": "USN-3838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928377?format=api", "purl": "pkg:deb/debian/libraw@0.18.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5815" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ksq-fpwc-t3fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81362?format=api", "vulnerability_id": "VCID-54h1-vj6r-4ue5", "summary": "LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14676", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14726", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14606", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14754", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14622", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14513", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14585", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14615", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14613", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14553", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14431", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14565", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35535" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35535" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122362", "reference_id": "2122362", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122362" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35535" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54h1-vj6r-4ue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84042?format=api", "vulnerability_id": "VCID-57aw-3kt4-5fd8", "summary": "libraw: Floating point exception in kodak_radc_load_raw function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56814", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56942", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56919", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56859", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56876", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56899", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.5692", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56896", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56948", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56951", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56916", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00597", "scoring_system": "epss", "scoring_elements": "0.69303", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488476", "reference_id": "1488476", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488476" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729", "reference_id": "874729", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729" }, { "reference_url": "https://security.archlinux.org/ASA-201709-18", "reference_id": "ASA-201709-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-18" }, { "reference_url": "https://security.archlinux.org/AVG-410", "reference_id": "AVG-410", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-410" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928369?format=api", "purl": "pkg:deb/debian/libraw@0.18.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13735" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57aw-3kt4-5fd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48133?format=api", "vulnerability_id": "VCID-5qx5-u16v-vfgz", "summary": "Multiple vulnerabilities have been found in LibRaw, the worst of\n which may allow attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0127", "scoring_system": "epss", "scoring_elements": "0.79587", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0127", "scoring_system": "epss", "scoring_elements": "0.79609", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0127", "scoring_system": "epss", "scoring_elements": "0.79551", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0127", "scoring_system": "epss", "scoring_elements": "0.79557", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0127", "scoring_system": "epss", "scoring_elements": "0.79573", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79577", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79503", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79552", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79582", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79585", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7951", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79533", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79519", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79547", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8366" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287056", "reference_id": "1287056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287056" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809", "reference_id": "806809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168", "reference_id": "864168", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168" }, { "reference_url": "https://security.archlinux.org/AVG-92", "reference_id": "AVG-92", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-92" }, { "reference_url": "https://security.gentoo.org/glsa/201701-60", "reference_id": "GLSA-201701-60", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-60" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928368?format=api", "purl": "pkg:deb/debian/libraw@0.17.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.17.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8366" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qx5-u16v-vfgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72446?format=api", "vulnerability_id": "VCID-6r3y-tdry-guc3", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64515", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64685", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64658", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64636", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64568", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64597", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64555", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64604", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.6462", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64638", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64625", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64632", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64643", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64629", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64649", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64661", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451642", "reference_id": "1451642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183", "reference_id": "864183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928371?format=api", "purl": "pkg:deb/debian/libraw@0.18.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-6887" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6r3y-tdry-guc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70181?format=api", "vulnerability_id": "VCID-88vk-c7wu-fffr", "summary": "LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43962.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54155", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54208", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54258", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54219", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54262", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54243", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54222", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54198", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.58961", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.5901", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43962" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "reference_id": "0.21.3...0.21.4", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/" } ], "url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781", "reference_id": "1103781", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361286", "reference_id": "2361286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361286" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2", "reference_id": "66fe663e02a4dd610b4e832f5d9af326709336c2", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/" } ], "url": "https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2" }, { "reference_url": "https://www.libraw.org/news/libraw-0-21-4-release", "reference_id": "libraw-0-21-4-release", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/" } ], "url": "https://www.libraw.org/news/libraw-0-21-4-release" }, { "reference_url": "https://usn.ubuntu.com/7485-1/", "reference_id": "USN-7485-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7485-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928382?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928383?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-43962" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88vk-c7wu-fffr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83595?format=api", "vulnerability_id": "VCID-8g8a-1egc-pbhs", "summary": "LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5805.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.65977", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66019", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66015", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66064", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66077", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66096", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66083", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66053", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66088", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66102", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6609", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66111", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66122", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6612", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66098", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66143", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5805" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591887", "reference_id": "1591887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3065", "reference_id": "RHSA-2018:3065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3065" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928376?format=api", "purl": "pkg:deb/debian/libraw@0.18.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5805" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8g8a-1egc-pbhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83801?format=api", "vulnerability_id": "VCID-8nfh-uny2-2yay", "summary": "libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.6617", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66337", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66302", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66317", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66211", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66238", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66208", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66255", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66268", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66289", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66275", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66244", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66279", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66294", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66278", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524860", "reference_id": "1524860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524860" }, { "reference_url": "https://usn.ubuntu.com/3615-1/", "reference_id": "USN-3615-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3615-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928370?format=api", "purl": "pkg:deb/debian/libraw@0.18.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16910" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nfh-uny2-2yay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16517?format=api", "vulnerability_id": "VCID-aa14-ypvj-pfen", "summary": "Out-of-bounds Write\nBuffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06284", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06682", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0635", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06378", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06406", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06395", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06335", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06346", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06493", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06505", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06521", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06533", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06552", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/gtt1995", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://github.com/gtt1995" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/400", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://github.com/LibRaw/LibRaw/issues/400" }, { "reference_url": "https://www.libraw.org/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://www.libraw.org/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031790", "reference_id": "1031790", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031790" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172004", "reference_id": "2172004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172004" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/", "reference_id": "5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32142", "reference_id": "CVE-2021-32142", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32142" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5412", "reference_id": "dsa-5412", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5412" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/", "reference_id": "E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6343", "reference_id": "RHSA-2023:6343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0343", "reference_id": "RHSA-2024:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2994", "reference_id": "RHSA-2024:2994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2994" }, { "reference_url": "https://usn.ubuntu.com/6137-1/", "reference_id": "USN-6137-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6137-1/" }, { "reference_url": "https://usn.ubuntu.com/7266-1/", "reference_id": "USN-7266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928381?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-32142" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aa14-ypvj-pfen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82937?format=api", "vulnerability_id": "VCID-aakc-8r79-7bbs", "summary": "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5818.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.66905", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67025", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.66943", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.66969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.66944", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.66993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77751", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77793", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77728", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77737", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77764", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77668", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77667", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77704", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77703", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77697", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5818" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html" }, { "reference_url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/" }, { "reference_url": "https://www.libraw.org/news/libraw-0-19-2-release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.libraw.org/news/libraw-0-19-2-release" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661608", "reference_id": "1661608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661608" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818", "reference_id": "CVE-2018-5818", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818" }, { "reference_url": "https://usn.ubuntu.com/3989-1/", "reference_id": "USN-3989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928378?format=api", "purl": "pkg:deb/debian/libraw@0.19.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5818" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aakc-8r79-7bbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35805?format=api", "vulnerability_id": "VCID-abzn-gut6-y3cz", "summary": "Multiple vulnerabilities have been found in LibRaw, the worst of\n which may allow attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24889.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24889.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76051", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76054", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76067", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.761", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76114", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.7614", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76115", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76154", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76157", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76179", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76189", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76201", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76212", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76241", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24889", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24889" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/334", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/334" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882339", "reference_id": "1882339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882339" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24889", "reference_id": "CVE-2020-24889", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24889" }, { "reference_url": "https://security.gentoo.org/glsa/202010-05", "reference_id": "GLSA-202010-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202010-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928380?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-24889" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abzn-gut6-y3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72444?format=api", "vulnerability_id": "VCID-affs-bchw-93bx", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6886.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6886.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69005", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68982", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68962", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68842", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68862", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68843", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68892", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68911", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68934", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6889", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68931", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68941", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6892", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68971", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68977", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451640", "reference_id": "1451640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183", "reference_id": "864183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928371?format=api", "purl": "pkg:deb/debian/libraw@0.18.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-6886" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-affs-bchw-93bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83702?format=api", "vulnerability_id": "VCID-b7yv-7e6a-nfhy", "summary": "LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5802.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71509", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71516", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71533", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71506", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71546", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71558", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71565", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71547", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71593", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71598", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71577", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71628", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71633", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71637", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71622", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71657", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553335", "reference_id": "1553335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3065", "reference_id": "RHSA-2018:3065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3065" }, { "reference_url": "https://usn.ubuntu.com/3615-1/", "reference_id": "USN-3615-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3615-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928375?format=api", "purl": "pkg:deb/debian/libraw@0.18.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5802" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7yv-7e6a-nfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32048?format=api", "vulnerability_id": "VCID-c7f1-d627-z3dm", "summary": "Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n the worst of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1438.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.64948", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.64997", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65024", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.64987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65051", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65069", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65058", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65031", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66507", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66551", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.6649", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66508", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66492", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66516", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66532", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66533", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002714", "reference_id": "1002714", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002714" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231", "reference_id": "721231", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721232", "reference_id": "721232", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721232" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233", "reference_id": "721233", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236", "reference_id": "721236", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236" }, { "reference_url": "https://security.gentoo.org/glsa/201309-09", "reference_id": "GLSA-201309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-09" }, { "reference_url": "https://usn.ubuntu.com/1964-1/", "reference_id": "USN-1964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1964-1/" }, { "reference_url": "https://usn.ubuntu.com/1978-1/", "reference_id": "USN-1978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928361?format=api", "purl": "pkg:deb/debian/libraw@0.15.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1438" ], "risk_score": 1.0, "exploitability": "0.5", "weighted_severity": "2.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7f1-d627-z3dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48135?format=api", "vulnerability_id": "VCID-car8-7w1p-2uhx", "summary": "Multiple vulnerabilities have been found in LibRaw, the worst of\n which may allow attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00975", "scoring_system": "epss", "scoring_elements": "0.76797", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00975", "scoring_system": "epss", "scoring_elements": "0.76778", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00975", "scoring_system": "epss", "scoring_elements": "0.76766", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00975", "scoring_system": "epss", "scoring_elements": "0.76759", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82466", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82384", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82457", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82492", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82461", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82399", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82416", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82413", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01779", "scoring_system": "epss", "scoring_elements": "0.82732", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01779", "scoring_system": "epss", "scoring_elements": "0.8273", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287076", "reference_id": "1287076", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287076" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809", "reference_id": "806809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809" }, { "reference_url": "https://security.archlinux.org/AVG-92", "reference_id": "AVG-92", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-92" }, { "reference_url": "https://security.gentoo.org/glsa/201701-60", "reference_id": "GLSA-201701-60", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-60" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928368?format=api", "purl": "pkg:deb/debian/libraw@0.17.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.17.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8367" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-car8-7w1p-2uhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83426?format=api", "vulnerability_id": "VCID-cm22-ayty-xqes", "summary": "LibRaw: stack-based buffer overflow in LibRaw::parse_exif() and subsequently execute arbitrary code", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83256", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83287", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.8331", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83319", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83329", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.8336", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83361", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83385", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83393", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83394", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83418", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01917", "scoring_system": "epss", "scoring_elements": "0.83439", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661520", "reference_id": "1661520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5809" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm22-ayty-xqes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81390?format=api", "vulnerability_id": "VCID-cx7p-nhr2-v3ay", "summary": "LibRaw: Memory corruption in \"crxFreeSubbandData()\" function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35534.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3637", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36205", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36254", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36273", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36278", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36241", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3626", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36244", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36192", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3596", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35928", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35841", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35723", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35792", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35534" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35534", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122360", "reference_id": "2122360", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35534" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cx7p-nhr2-v3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82936?format=api", "vulnerability_id": "VCID-dgk8-b6fk-t7b6", "summary": "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5819.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5819.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68874", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68984", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68891", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68912", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68892", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68942", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.68961", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75646", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75679", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.7563", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75635", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75649", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75567", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75608", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75592", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5819" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html" }, { "reference_url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/" }, { "reference_url": "https://www.libraw.org/news/libraw-0-19-2-release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.libraw.org/news/libraw-0-19-2-release" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661604", "reference_id": "1661604", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661604" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5819", "reference_id": "CVE-2018-5819", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5819" }, { "reference_url": "https://usn.ubuntu.com/3989-1/", "reference_id": "USN-3989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928378?format=api", "purl": "pkg:deb/debian/libraw@0.19.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5819" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgk8-b6fk-t7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70183?format=api", "vulnerability_id": "VCID-fbf4-mwnn-vqdp", "summary": "LibRaw: out-of-buffer access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43963.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54155", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54208", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54258", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54219", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54262", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54243", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54222", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54198", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.58961", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.5901", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43963" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "reference_id": "0.21.3...0.21.4", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/" } ], "url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103782", "reference_id": "1103782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103782" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361288", "reference_id": "2361288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361288" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964", "reference_id": "be26e7639ecf8beb55f124ce780e99842de2e964", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/" } ], "url": "https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964" }, { "reference_url": "https://www.libraw.org/news/libraw-0-21-4-release", "reference_id": "libraw-0-21-4-release", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/" } ], "url": "https://www.libraw.org/news/libraw-0-21-4-release" }, { "reference_url": "https://usn.ubuntu.com/7485-1/", "reference_id": "USN-7485-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7485-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928382?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928383?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-43963" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fbf4-mwnn-vqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83424?format=api", "vulnerability_id": "VCID-feqd-qmgg-kyer", "summary": "libRaw: NULL pointer dereference in nikon_coolscan_load_raw in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.6624", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.6628", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66276", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66337", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66344", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66314", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66349", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66365", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.6635", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66372", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66387", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66363", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66408", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5812" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610486", "reference_id": "1610486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610486" }, { "reference_url": "https://usn.ubuntu.com/3838-1/", "reference_id": "USN-3838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5812" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-feqd-qmgg-kyer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83973?format=api", "vulnerability_id": "VCID-g76c-qem2-pyeq", "summary": "libraw: Heap-based 1 byte buffer over-write in processCanonCameraInfo function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14348.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14348.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61948", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61966", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61947", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61945", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61962", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61955", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.619", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73797", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73779", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.7377", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73812", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73723", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73732", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73756", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73761", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14348" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/100" }, { "reference_url": "http://www.securityfocus.com/bid/100866", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100866" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492121", "reference_id": "1492121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492121" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14348", "reference_id": "CVE-2017-14348", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14348" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928369?format=api", "purl": "pkg:deb/debian/libraw@0.18.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14348" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g76c-qem2-pyeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83423?format=api", "vulnerability_id": "VCID-gfwy-pxzr-gqa6", "summary": "LibRaw: out-of-bounds read in nikon_coolscan_load_raw in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5811.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5811.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5811", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.6617", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66211", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66238", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66208", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66255", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66268", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66289", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66275", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66244", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66279", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66294", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66278", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66302", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66317", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66337", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5811" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610483", "reference_id": "1610483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610483" }, { "reference_url": "https://usn.ubuntu.com/3838-1/", "reference_id": "USN-3838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5811" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfwy-pxzr-gqa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83974?format=api", "vulnerability_id": "VCID-h27f-krz7-bkdv", "summary": "libraw: Out-of-bounds read in the kodak_65000_load_raw function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14608.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54612", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54676", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.5469", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54709", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54686", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54634", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54682", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54704", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54726", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54722", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54735", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54719", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54737", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54718", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14608" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/101", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/101" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499687", "reference_id": "1499687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499687" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14608", "reference_id": "CVE-2017-14608", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14608" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928369?format=api", "purl": "pkg:deb/debian/libraw@0.18.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14608" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h27f-krz7-bkdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83421?format=api", "vulnerability_id": "VCID-h8wv-qjp1-abe5", "summary": "LibRaw: out-of-bounds read in samsung_load_raw in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5807.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5807.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5807", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65024", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65101", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65065", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65127", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65146", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65108", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65145", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65154", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65138", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65167", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65166", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65148", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65195", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5807" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610469", "reference_id": "1610469", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610469" }, { "reference_url": "https://usn.ubuntu.com/3838-1/", "reference_id": "USN-3838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5807" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8wv-qjp1-abe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78146?format=api", "vulnerability_id": "VCID-hqh8-vz5n-23c9", "summary": "libraw: Out of bounds read in LibRaw::stretch() function in libraw\\src\\postprocessing\\aspect_ratio.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22628.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25386", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25041", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25144", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.251", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.24978", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25422", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25268", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25324", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.2523", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.2524", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.252", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25156", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22628" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234992", "reference_id": "2234992", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234992" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/269", "reference_id": "269", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:03:55Z/" } ], "url": "https://github.com/LibRaw/LibRaw/issues/269" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:03:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00007.html" }, { "reference_url": "https://usn.ubuntu.com/6377-1/", "reference_id": "USN-6377-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6377-1/" }, { "reference_url": "https://usn.ubuntu.com/7266-1/", "reference_id": "USN-7266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-22628" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hqh8-vz5n-23c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83505?format=api", "vulnerability_id": "VCID-hsza-kpb5-vqb9", "summary": "LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83356", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83537", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83489", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83491", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83515", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83384", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83408", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83418", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83427", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83422", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83458", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83459", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0194", "scoring_system": "epss", "scoring_elements": "0.83482", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/144" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574313", "reference_id": "1574313", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574313" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897185", "reference_id": "897185", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897185" }, { "reference_url": "https://security.archlinux.org/ASA-201805-2", "reference_id": "ASA-201805-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-2" }, { "reference_url": "https://security.archlinux.org/AVG-681", "reference_id": "AVG-681", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-681" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10528", "reference_id": "CVE-2018-10528", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10528" }, { "reference_url": "https://usn.ubuntu.com/3639-1/", "reference_id": "USN-3639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10528" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsza-kpb5-vqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32051?format=api", "vulnerability_id": "VCID-hxsy-1dx6-fker", "summary": "Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n the worst of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.75935", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.75938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.75971", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.7595", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.75983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.75997", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76022", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.75998", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.75992", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76034", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76019", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76057", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76066", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76078", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76085", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76114", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2127" }, { "reference_url": "https://security.gentoo.org/glsa/201309-09", "reference_id": "GLSA-201309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928366?format=api", "purl": "pkg:deb/debian/libraw@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2127" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxsy-1dx6-fker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83700?format=api", "vulnerability_id": "VCID-k9d9-tfcf-byf3", "summary": "LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.80946", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.80955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.80977", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.80976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81004", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81011", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81027", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81014", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81044", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81045", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81043", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81074", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81082", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81097", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81118", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5800" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553332", "reference_id": "1553332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3065", "reference_id": "RHSA-2018:3065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3065" }, { "reference_url": "https://usn.ubuntu.com/3615-1/", "reference_id": "USN-3615-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3615-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928375?format=api", "purl": "pkg:deb/debian/libraw@0.18.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5800" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9d9-tfcf-byf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83596?format=api", "vulnerability_id": "VCID-knwc-32r8-b7cu", "summary": "LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5806.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5806.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59951", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60053", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60024", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60074", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60088", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60094", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66408", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66314", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66349", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66365", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.6635", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66372", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66387", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66363", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5806" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591897", "reference_id": "1591897", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3065", "reference_id": "RHSA-2018:3065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3065" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928376?format=api", "purl": "pkg:deb/debian/libraw@0.18.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5806" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knwc-32r8-b7cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83506?format=api", "vulnerability_id": "VCID-m4v4-63we-dqex", "summary": "LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10529.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.60973", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61118", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61128", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61121", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61069", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61051", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61079", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61045", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61093", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61116", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61098", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61139", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61127", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/144" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574325", "reference_id": "1574325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574325" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897186", "reference_id": "897186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897186" }, { "reference_url": "https://security.archlinux.org/ASA-201805-2", "reference_id": "ASA-201805-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-2" }, { "reference_url": "https://security.archlinux.org/AVG-681", "reference_id": "AVG-681", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-681" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10529", "reference_id": "CVE-2018-10529", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10529" }, { "reference_url": "https://usn.ubuntu.com/3639-1/", "reference_id": "USN-3639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10529" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4v4-63we-dqex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82938?format=api", "vulnerability_id": "VCID-mkyj-pu8d-kbbu", "summary": "LibRaw: DoS in unpacked_load_raw function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5817.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5817.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.7859", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78763", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78702", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78719", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.7874", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78597", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78628", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78609", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78634", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78665", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78647", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.7864", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78669", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78667", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78664", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78694", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5817" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5817" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html" }, { "reference_url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/" }, { "reference_url": "https://www.libraw.org/news/libraw-0-19-2-release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.libraw.org/news/libraw-0-19-2-release" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661612", "reference_id": "1661612", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661612" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5817", "reference_id": "CVE-2018-5817", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5817" }, { "reference_url": "https://usn.ubuntu.com/3989-1/", "reference_id": "USN-3989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928378?format=api", "purl": "pkg:deb/debian/libraw@0.19.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5817" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyj-pu8d-kbbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83425?format=api", "vulnerability_id": "VCID-n8g7-9k7s-17g3", "summary": "LibRaw: stack-based buffer overflow in find_green() leads to arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5808.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5808.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5808", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84711", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84727", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84748", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.8477", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84777", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84795", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84791", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84785", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84807", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84808", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84805", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84832", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84842", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84841", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84857", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02316", "scoring_system": "epss", "scoring_elements": "0.84882", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661518", "reference_id": "1661518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5808" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8g7-9k7s-17g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81467?format=api", "vulnerability_id": "VCID-n9u1-b4b8-sqft", "summary": "LibRaw: Out of bounds write in new_node() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08257", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08237", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.081", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08261", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08199", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08164", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08138", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08272", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35530" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122339", "reference_id": "2122339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122339" }, { "reference_url": "https://usn.ubuntu.com/5715-1/", "reference_id": "USN-5715-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5715-1/" }, { "reference_url": "https://usn.ubuntu.com/7266-1/", "reference_id": "USN-7266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35530" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9u1-b4b8-sqft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32049?format=api", "vulnerability_id": "VCID-ngzk-excs-akbw", "summary": "Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n the worst of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1439.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1439.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1439", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64787", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64864", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64877", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64891", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64908", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64899", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64871", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64919", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64904", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64922", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64935", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64931", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.64911", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.6496", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002714", "reference_id": "1002714", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002714" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721338", "reference_id": "721338", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721339", "reference_id": "721339", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721339" }, { "reference_url": "https://security.gentoo.org/glsa/201309-09", "reference_id": "GLSA-201309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-09" }, { "reference_url": "https://usn.ubuntu.com/1964-1/", "reference_id": "USN-1964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1964-1/" }, { "reference_url": "https://usn.ubuntu.com/1978-1/", "reference_id": "USN-1978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928361?format=api", "purl": "pkg:deb/debian/libraw@0.15.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1439" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngzk-excs-akbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82933?format=api", "vulnerability_id": "VCID-njj5-wx27-xqd4", "summary": "LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58244", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58339", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58333", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58346", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58297", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58331", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.5835", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58325", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58379", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.5836", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58392", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58396", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58373", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/192", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661555", "reference_id": "1661555", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661555" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080", "reference_id": "917080", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.19.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:0.19.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.19.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20337", "reference_id": "CVE-2018-20337", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1766", "reference_id": "RHSA-2020:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1766" }, { "reference_url": "https://usn.ubuntu.com/3989-1/", "reference_id": "USN-3989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928373?format=api", "purl": "pkg:deb/debian/libraw@0.19.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20337" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njj5-wx27-xqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83701?format=api", "vulnerability_id": "VCID-nnw4-axam-qbb2", "summary": "LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78092", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78131", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78113", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.7814", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78146", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.814", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.81289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.81326", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.81329", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.81328", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.81351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.81358", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.81364", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01527", "scoring_system": "epss", "scoring_elements": "0.8138", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553334", "reference_id": "1553334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3065", "reference_id": "RHSA-2018:3065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3065" }, { "reference_url": "https://usn.ubuntu.com/3615-1/", "reference_id": "USN-3615-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3615-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928375?format=api", "purl": "pkg:deb/debian/libraw@0.18.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5801" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnw4-axam-qbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81470?format=api", "vulnerability_id": "VCID-npjj-h25x-c7ge", "summary": "LibRaw: Out-of-bounds read in get_huffman_diff() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35531.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35531.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08257", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08237", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.081", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08261", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08199", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08164", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08138", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08272", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35531" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122356", "reference_id": "2122356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122356" }, { "reference_url": "https://usn.ubuntu.com/5715-1/", "reference_id": "USN-5715-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5715-1/" }, { "reference_url": "https://usn.ubuntu.com/7266-1/", "reference_id": "USN-7266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35531" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-npjj-h25x-c7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83594?format=api", "vulnerability_id": "VCID-pknf-eqgp-nqba", "summary": "LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54453", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54529", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54552", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54521", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54573", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54567", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54561", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54577", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54578", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54535", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54514", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54463", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54505", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591879", "reference_id": "1591879", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591879" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928376?format=api", "purl": "pkg:deb/debian/libraw@0.18.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5804" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pknf-eqgp-nqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81132?format=api", "vulnerability_id": "VCID-pnd8-8z2d-4bh3", "summary": "LibRaw: lack of thumbnail size range check can lead to buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15503.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88169", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88194", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88219", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88225", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88236", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88229", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88228", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88242", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88241", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.8826", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88265", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88267", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88279", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0387", "scoring_system": "epss", "scoring_elements": "0.88294", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853477", "reference_id": "1853477", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853477" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964747", "reference_id": "964747", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964747" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15503", "reference_id": "CVE-2020-15503", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/5715-1/", "reference_id": "USN-5715-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5715-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928379?format=api", "purl": "pkg:deb/debian/libraw@0.20.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15503" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnd8-8z2d-4bh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32050?format=api", "vulnerability_id": "VCID-qncn-bvgd-r3eq", "summary": "Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n the worst of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2126.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02433", "scoring_system": "epss", "scoring_elements": "0.85246", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87017", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87036", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87029", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.8707", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87075", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87079", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87076", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87095", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87101", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87121", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87059", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353", "reference_id": "710353", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316", "reference_id": "711316", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=968385", "reference_id": "968385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=968385" }, { "reference_url": "https://security.gentoo.org/glsa/201309-09", "reference_id": "GLSA-201309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-09" }, { "reference_url": "https://usn.ubuntu.com/1884-1/", "reference_id": "USN-1884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1884-1/" }, { "reference_url": "https://usn.ubuntu.com/1885-1/", "reference_id": "USN-1885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928365?format=api", "purl": "pkg:deb/debian/libraw@0.15.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2126" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qncn-bvgd-r3eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83800?format=api", "vulnerability_id": "VCID-s2hb-xe27-ryeq", "summary": "libraw: Heap-buffer overflow in the LibRaw::panasonic_load_raw() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16909.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16909.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68575", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68749", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68729", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68707", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68593", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68589", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.6864", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68658", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68682", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68668", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68689", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68669", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68717", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68723", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16909" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524859", "reference_id": "1524859", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524859" }, { "reference_url": "https://usn.ubuntu.com/3615-1/", "reference_id": "USN-3615-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3615-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928370?format=api", "purl": "pkg:deb/debian/libraw@0.18.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16909" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2hb-xe27-ryeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83254?format=api", "vulnerability_id": "VCID-sptp-9b5b-r7gq", "summary": "LibRaw: Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5816.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5816.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5816", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.7002", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70032", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70023", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70071", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70087", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70097", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70084", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70127", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70167", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70174", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70173", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70149", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70191", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610156", "reference_id": "1610156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610156" }, { "reference_url": "https://usn.ubuntu.com/3838-1/", "reference_id": "USN-3838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928377?format=api", "purl": "pkg:deb/debian/libraw@0.18.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5816" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sptp-9b5b-r7gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82923?format=api", "vulnerability_id": "VCID-tb2p-ef7f-f7cj", "summary": "libraw: Heap-based buffer overflow in LibRaw::raw2image() resulting in a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63343", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.635", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63474", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63487", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63483", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63403", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63429", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63395", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63464", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63482", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63466", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.6343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63463", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63471", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63456", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20365" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/195" }, { "reference_url": "http://www.securityfocus.com/bid/106299", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106299" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663964", "reference_id": "1663964", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663964" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917111", "reference_id": "917111", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917111" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20365", "reference_id": "CVE-2018-20365", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20365" }, { "reference_url": "https://usn.ubuntu.com/3989-1/", "reference_id": "USN-3989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928374?format=api", "purl": "pkg:deb/debian/libraw@0.19.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20365" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tb2p-ef7f-f7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17597?format=api", "vulnerability_id": "VCID-th8h-py4c-47da", "summary": "Out-of-bounds Write\nA flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1729.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1729.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19558", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19604", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19325", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19454", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19411", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19354", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19315", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19322", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19336", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19234", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19223", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19182", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19075", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19157", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1729" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/557" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036281", "reference_id": "1036281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036281" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1729", "reference_id": "CVE-2023-1729", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1729" }, { "reference_url": "https://security.gentoo.org/glsa/202312-08", "reference_id": "GLSA-202312-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202312-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2137", "reference_id": "RHSA-2024:2137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2137" }, { "reference_url": "https://usn.ubuntu.com/6137-1/", "reference_id": "USN-6137-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6137-1/" }, { "reference_url": "https://usn.ubuntu.com/7266-1/", "reference_id": "USN-7266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928381?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-1729" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-th8h-py4c-47da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81169?format=api", "vulnerability_id": "VCID-u8vk-5w4q-4baj", "summary": "LibRaw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51731", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51806", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51767", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51822", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51819", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5187", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5185", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51877", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51883", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51866", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51814", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5182", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51777", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51726", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51778", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852093", "reference_id": "1852093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852093" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15365", "reference_id": "CVE-2020-15365", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15365" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928366?format=api", "purl": "pkg:deb/debian/libraw@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15365" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8vk-5w4q-4baj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60652?format=api", "vulnerability_id": "VCID-urry-mwtn-9ua4", "summary": "A buffer overread in LibRaw might allow an attacker to cause denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24870.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68831", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68849", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6887", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6885", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68919", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68942", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68927", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68898", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68939", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68949", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68928", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68979", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68985", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6899", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6897", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.69014", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928794", "reference_id": "1928794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928794" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24870", "reference_id": "CVE-2020-24870", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24870" }, { "reference_url": "https://security.gentoo.org/glsa/202208-07", "reference_id": "GLSA-202208-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4381", "reference_id": "RHSA-2021:4381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4381" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928380?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-24870" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urry-mwtn-9ua4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83422?format=api", "vulnerability_id": "VCID-v4se-wza6-a3dt", "summary": "libRaw: heap-based buffer overflow in rollei_load_raw in internal/dcraw_common.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.65977", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66019", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66015", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66064", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66077", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66096", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66083", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66053", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66088", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66102", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6609", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66111", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66122", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6612", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66098", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66143", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5810" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610479", "reference_id": "1610479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610479" }, { "reference_url": "https://usn.ubuntu.com/3838-1/", "reference_id": "USN-3838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928372?format=api", "purl": "pkg:deb/debian/libraw@0.18.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5810" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4se-wza6-a3dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83986?format=api", "vulnerability_id": "VCID-wgdh-xnty-mbga", "summary": "libraw: Stack based buffer overflow in the xtrans_interpolate function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14265.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14265.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76236", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76148", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76152", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76135", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76175", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76185", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76196", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76206", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76062", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76095", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.7611", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01644", "scoring_system": "epss", "scoring_elements": "0.81894", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82397", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01731", "scoring_system": "epss", "scoring_elements": "0.82415", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/99", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/99" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494405", "reference_id": "1494405", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494405" }, { "reference_url": "https://security.archlinux.org/ASA-201709-18", "reference_id": "ASA-201709-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-18" }, { "reference_url": "https://security.archlinux.org/AVG-410", "reference_id": "AVG-410", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-410" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14265", "reference_id": "CVE-2017-14265", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14265" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928369?format=api", "purl": "pkg:deb/debian/libraw@0.18.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14265" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdh-xnty-mbga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36434?format=api", "vulnerability_id": "VCID-xswq-6aae-nqfb", "summary": "A buffer overflow in DCRaw might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87776", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87659", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87669", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87683", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87704", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.8771", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87721", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87715", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87713", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87727", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87724", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87742", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87749", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87747", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03564", "scoring_system": "epss", "scoring_elements": "0.87761", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221249", "reference_id": "1221249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221249" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019", "reference_id": "785019", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785", "reference_id": "786785", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788", "reference_id": "786788", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790", "reference_id": "786790", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792", "reference_id": "786792", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299", "reference_id": "792299", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299" }, { "reference_url": "https://security.gentoo.org/glsa/201701-54", "reference_id": "GLSA-201701-54", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-54" }, { "reference_url": "https://security.gentoo.org/glsa/201701-60", "reference_id": "GLSA-201701-60", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-60" }, { "reference_url": "https://security.gentoo.org/glsa/201706-17", "reference_id": "GLSA-201706-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201706-17" }, { "reference_url": "https://usn.ubuntu.com/3492-1/", "reference_id": "USN-3492-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3492-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928367?format=api", "purl": "pkg:deb/debian/libraw@0.16.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.16.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3885" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xswq-6aae-nqfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70180?format=api", "vulnerability_id": "VCID-y455-nxwt-7ygd", "summary": "LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54155", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54208", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54258", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54219", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54262", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54243", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54222", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54198", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.58961", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.5901", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43961" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "reference_id": "0.21.3...0.21.4", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/" } ], "url": "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781", "reference_id": "1103781", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361283", "reference_id": "2361283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361283" }, { "reference_url": "https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2", "reference_id": "66fe663e02a4dd610b4e832f5d9af326709336c2", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/" } ], "url": "https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2" }, { "reference_url": "https://www.libraw.org/news/libraw-0-21-4-release", "reference_id": "libraw-0-21-4-release", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/" } ], "url": "https://www.libraw.org/news/libraw-0-21-4-release" }, { "reference_url": "https://usn.ubuntu.com/7485-1/", "reference_id": "USN-7485-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7485-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928382?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928383?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-43961" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y455-nxwt-7ygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82929?format=api", "vulnerability_id": "VCID-zez2-rb1h-6yef", "summary": "libraw: NULL pointer dereference in LibRaw::raw2image resulting in a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20363.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.6549", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65618", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65538", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65568", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65604", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65734", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.6575", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.6576", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65783", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65702", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65751", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65736", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibRaw/LibRaw/issues/193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LibRaw/LibRaw/issues/193" }, { "reference_url": "http://www.securityfocus.com/bid/106299", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106299" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663960", "reference_id": "1663960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663960" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917113", "reference_id": "917113", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917113" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20363", "reference_id": "CVE-2018-20363", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20363" }, { "reference_url": "https://usn.ubuntu.com/3989-1/", "reference_id": "USN-3989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928374?format=api", "purl": "pkg:deb/debian/libraw@0.19.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928362?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928360?format=api", "purl": "pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928364?format=api", "purl": "pkg:deb/debian/libraw@0.21.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928363?format=api", "purl": "pkg:deb/debian/libraw@0.21.5b-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20363" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zez2-rb1h-6yef" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie" }